Windows Analysis Report
SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe

Overview

General Information

Sample name:SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe
Analysis ID:1428477
MD5:630eaf6b2cd6a3d86a3575f746a660ea
SHA1:deecbf311666f0234c0b8bd8142b698c931ae822
SHA256:be306e6861976343a15defb58fb07f500f5376eff3a54deb320ae64dd0a15431
Tags:exe
Infos:

Detection

PureLog Stealer
Score:46
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Snort IDS alert for network traffic
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
Detected potential unwanted application
Excessive usage of taskkill to terminate processes
Modifies Internet Explorer zone settings
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Reads the Security eventlog
Reads the System eventlog
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Uses taskkill to terminate processes
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

  • System is w10x64
  • SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe (PID: 4524 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe" MD5: 630EAF6B2CD6A3D86A3575F746A660EA)
    • SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp (PID: 1248 cmdline: "C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp" /SL5="$10474,14009033,878592,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe" MD5: C587F58BA1C48D1EF273A4B9F9E1CEAC)
      • taskkill.exe (PID: 6352 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 5536 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 6136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 6784 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 6156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 2020 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 2132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 2920 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 2180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 3364 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 6304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 5696 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "RBNotifier.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 6152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 5592 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 3380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 1880 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 4980 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 5304 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 1680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 6152 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 3652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 6208 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 2148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 5028 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 3624 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 6388 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "RBNotifier.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 3396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 320 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 3184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 5592 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 2180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 1880 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "RBNotifier.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 3560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 1276 cmdline: "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierRight Backup" /f MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 5660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 6152 cmdline: "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierRight Backup_startup" /f MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 3652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 6784 cmdline: "C:\Windows\System32\schtasks.exe" /delete /tn "Right BackupNotifier" /f MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 3276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 6208 cmdline: "C:\Windows\System32\schtasks.exe" /delete /tn "Right BackupNotifier_startup" /f MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 3288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 3624 cmdline: "C:\Windows\System32\schtasks.exe" /delete /tn "Right BackupNotifier_trigger" /f MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 4856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 2132 cmdline: "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierRight Backup_WD" /f MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 2820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • RightBackup.exe (PID: 6520 cmdline: "C:\Program Files (x86)\Right Backup\RightBackup.exe" loadvalues MD5: 0E1DC3C18FD7BE48BDC6664E40705E1C)
      • RightBackup.exe (PID: 4112 cmdline: "C:\Program Files (x86)\Right Backup\RightBackup.exe" install MD5: 0E1DC3C18FD7BE48BDC6664E40705E1C)
      • RightBackup.exe (PID: 3496 cmdline: "C:\Program Files (x86)\Right Backup\RightBackup.exe" firstinstall -autoscanafterinstall -fireurlsilently MD5: 0E1DC3C18FD7BE48BDC6664E40705E1C)
      • RBNotifier.exe (PID: 2472 cmdline: "C:\Program Files (x86)\Right Backup\RBNotifier.exe" createschedule -fireurlsilently MD5: 9224B0817D3684EAE9E20804F29D3DED)
        • RightBackup.exe (PID: 412 cmdline: "C:\Program Files (x86)\Right Backup\RightBackup.exe" loadvalues MD5: 0E1DC3C18FD7BE48BDC6664E40705E1C)
  • svchost.exe (PID: 1964 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • RBClientService.exe (PID: 3396 cmdline: "C:\Program Files (x86)\Right Backup\RBClientService.exe" MD5: E3EDEEE8F3B5C66ED697C231F0DDB056)
  • RightBackup.exe (PID: 4524 cmdline: "C:\Program Files (x86)\Right Backup\RightBackup.exe" autolaunch MD5: 0E1DC3C18FD7BE48BDC6664E40705E1C)
  • RBNotifier.exe (PID: 6664 cmdline: "C:\Program Files (x86)\Right Backup\RBNotifier.exe" neweventtrigger MD5: 9224B0817D3684EAE9E20804F29D3DED)
  • RBNotifier.exe (PID: 6184 cmdline: "C:\Program Files (x86)\Right Backup\RBNotifier.exe" startup MD5: 9224B0817D3684EAE9E20804F29D3DED)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Program Files (x86)\Right Backup\is-UGSPB.tmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files (x86)\Right Backup\is-1OA4D.tmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files (x86)\Right Backup\is-7Q60P.tmp | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\Program Files (x86)\Right Backup\is-6ESI6.tmp | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\Program Files (x86)\Right Backup\is-6ESI6.tmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000038.00000000.2474621787.00000000000E2000.00000002.00000001.01000000.00000015.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000002.00000003.2475382796.0000000007630000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000033.00000000.2282852815.0000000000D92000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000036.00000000.2372039696.0000000000012000.00000002.00000001.01000000.00000014.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
56.0.RBNotifier.exe.e0000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
54.0.RBClientService.exe.10000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
56.2.RBNotifier.exe.4aa0000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
2.3.SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp.7630000.1.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
2.3.SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp.7656040.0.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

                                System Summary

                                Source: Registry Key setAuthor: frack113: Data: Details: 0, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Right Backup\RightBackup.exe, ProcessId: 3496, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1206
                                Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 1964, ProcessName: svchost.exe
                                Timestamp:04/19/24-01:33:00.171014
                                SID:2809549
                                Source Port:49706
                                Destination Port:80
                                Protocol:TCP
                                Classtype:A Network Trojan was detected

                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A9DE5C CryptDestroyKey,51_2_06A9DE5C
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A9DD40 sqlite3_rekey,CryptDestroyKey,CryptDestroyKey,51_2_06A9DD40
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A9DABA CryptEncrypt,51_2_06A9DABA
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A9DA00 CryptDecrypt,51_2_06A9DA00
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A9DA72 CryptEncrypt,51_2_06A9DA72
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A9DB30 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDestroyHash,51_2_06A9DB30
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A9D890 sqlite3_initialize,sqlite3_free,CryptEncrypt,sqlite3_initialize,sqlite3_free,51_2_06A9D890
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A9D86F CryptAcquireContextA,51_2_06A9D86F
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                Source: unknownHTTPS traffic detected: 165.227.176.158:443 -> 192.168.2.5:49723 version: TLS 1.0
                                Source: unknownHTTPS traffic detected: 165.227.176.158:443 -> 192.168.2.5:49764 version: TLS 1.0
                                Source: unknownHTTPS traffic detected: 165.227.176.158:443 -> 192.168.2.5:49771 version: TLS 1.0
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exeStatic PE information: certificate valid
                                Source: unknownHTTPS traffic detected: 157.245.131.96:443 -> 192.168.2.5:49707 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 13.33.4.104:443 -> 192.168.2.5:49709 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 157.245.131.96:443 -> 192.168.2.5:49727 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 69.164.42.2:443 -> 192.168.2.5:49738 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.5:49739 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 69.164.42.2:443 -> 192.168.2.5:49737 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 23.108.29.119:443 -> 192.168.2.5:49736 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 99.84.208.33:443 -> 192.168.2.5:49753 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 172.217.215.154:443 -> 192.168.2.5:49760 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 172.217.215.154:443 -> 192.168.2.5:49761 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 64.233.177.99:443 -> 192.168.2.5:49763 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 64.233.177.99:443 -> 192.168.2.5:49762 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 165.227.176.158:443 -> 192.168.2.5:49767 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 165.227.176.158:443 -> 192.168.2.5:49774 version: TLS 1.2
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                Source: Binary string: *.odt,*.ott,*.oth,*.odm,*.sxw,*.stw,*.sxg,*.doc,*.dot,*.docx,*.docm,*.dotx,*.dotm,*.wpd,*.wps,*.rtf,,*.csv,*.sdw,*.sgl,*.vor,*.uot,*.uof,*.jtd,*.jtt,*.hwp,*.602,*.pdb,*.psw,*.xls,*.xlw,*.xlt,*.xlsx,*.xlsm,*.xltx,*.xltm,*.xlsb,*.wk1,*.wks,*.123,*.dif,*.sdc,*.dbf,*.slk,*.uos,*.pxl,*.wb2,*.ppt,*.pps,*.pot,*.pptx,*.pptm,*.potx,*.potm,*.sdd,*.sdp,*.uop,*.cgm,*.pdf,*.wpt,*.et,*.ett,*.dpt,*.dps,*.ods,*.odp,*.odg source: RightBackup.exe, 00000033.00000002.2350454510.0000000008175000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000033.00000002.2317125677.00000000051AB000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000033.00000002.2310466576.0000000003D6E000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000033.00000002.2350454510.0000000008226000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000033.00000002.2350454510.00000000080B1000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2443898050.0000000007EB1000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2397017671.0000000003C6D000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000050D8000.00000004.00000800.00020000.00000000.sdmp, RBClientService.exe, 00000036.00000002.3317227560.0000000002121000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: RightBackup.pdb source: RightBackup.exe, 00000033.00000000.2282852815.0000000000D92000.00000002.00000001.01000000.0000000A.sdmp
                                Source: Binary string: <?xml version="1.0" encoding="utf-8"?><ArrayOfSsi xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><ssi><Id>1</Id><ext>RB_DESKTOP</ext><path><string>RB_OSDRIVE_ALLDESKTOP</string></path></ssi><ssi><Id>2</Id><ext>*.odt,*.ott,*.oth,*.odm,*.sxw,*.stw,*.sxg,*.doc,*.dot,*.docx,*.docm,*.dotx,*.dotm,*.wpd,*.wps,*.rtf,,*.csv,*.sdw,*.sgl,*.vor,*.uot,*.uof,*.jtd,*.jtt,*.hwp,*.602,*.pdb,*.psw,*.xls,*.xlw,*.xlt,*.xlsx,*.xlsm,*.xltx,*.xltm,*.xlsb,*.wk1,*.wks,*.123,*.dif,*.sdc,*.dbf,*.slk,*.uos,*.pxl,*.wb2,*.ppt,*.pps,*.pot,*.pptx,*.pptm,*.potx,*.potm,*.sdd,*.sdp,*.uop,*.cgm,*.pdf,*.wpt,*.et,*.ett,*.dpt,*.dps,*.ods,*.odp,*.odg</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>4</Id><ext>*.3g,*.3gp,*.3gpp,*.avi,*.divx,*.dv,*.f4v,*.flv,*.m2ts,*.m4v,*.mkv,*.mod,*.mov,*.mp4,*.mpe,*.mpeg,*.mpeg4,*.mpg,*.mts,*.nsv,*.ogm,*.ogv,*.qt,*.tod,*.ts,*.vob,*.wmv,*.rm,*.rmvb,*.ifo,*.asx,*.swf,*.mpv,*.mpa</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>8</Id><ext>*.raw,*.wmp,*.tif,*.tiff,*.pict,*.cdr,*.bmp,*.gif,*.jpeg,*.jpg,*.ofx,*.pub,*.ps,*.psd,*.qxd,*.png,*.eps,*.dwg,*.dxf,*.ico,*.indd,*.iges,*.cr2,*.ai,*.3ds,*.pcx,*.sgv,*.wmf,*.met,*.pgm,*.ras,*.svm,*.xbm,*.emf,*.pbm,*.plt,*.sda,*.tga,*.xpm,*.pcd,*.pct,*.ppm,*.sgf,*.pck,*.wpg</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>16</Id><ext>*.wma,*.ses,*.ram,*.m4a,*.m4b,*.m4p,*.mid,*.midi,*.mp2,*.mp3,*.mso,*.ogg,*.cda,*.all,*.amr,*.ape,*.asf,*.aif,*.aiff,*.au,*.audiocd,*.dm,*.dss,*.dvf,*.wav</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>32</Id><ext>*.eml</ext><path><string>RB_OSDRIVE</string></path></ssi><ssi><Id>64</Id><ext>*.mny,*.qbw,*.qel,*.qsd,*.qph,*.qbb,*.tax,*.t01,*.t02,*.t03,*.t04,*.t05,*.t06,*.t07,*.t08,*.t09,*.qdf,*.tax2009,*.001,*.247,*.500,*.900,*.989,*.tcp,*.tsf,*.tsm,*.bds,*.sys,*.mdf,*.ldf,*.bkp,*.db,*.cs,*.qbm,*.qbo,*.des,*.qbr,*.qwc,*.qbstbl2.usa,*.qbx,*.qba,*.qby,*.qbj,*
.qsm,*.qss,*.qst</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>128</Id><ext>*.azw.?,*.mobi,*.epub</ext><path><string>RB_ALLDRIVES</string></path></ssi></ArrayOfSsi> source: RightBackup.exe, 00000033.00000002.2350454510.0000000008175000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000033.00000002.2310466576.0000000003D6E000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000033.00000002.2350454510.0000000008226000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2397017671.0000000003C6D000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: Microsoft.SqlServer.Types.pdb source: RightBackup.exe, RightBackup.exe, 00000033.00000002.2349213712.0000000007530000.00000002.00000001.01000000.0000000E.sdmp
                                Source: Binary string: d:\Regclean Pro\rcp\src\UpdateDownload\src\Release\update.pdb source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2475382796.0000000007630000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: <?xml version="1.0" encoding="utf-8"?><ArrayOfSsi xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><ssi><Id>1</Id><ext>RB_DESKTOP</ext><path><string>RB_OSDRIVE_ALLDESKTOP</string></path></ssi><ssi><Id>2</Id><ext>*.odt,*.ott,*.oth,*.odm,*.sxw,*.stw,*.sxg,*.doc,*.dot,*.docx,*.docm,*.dotx,*.dotm,*.wpd,*.wps,*.rtf,,*.csv,*.sdw,*.sgl,*.vor,*.uot,*.uof,*.jtd,*.jtt,*.hwp,*.602,*.pdb,*.psw,*.xls,*.xlw,*.xlt,*.xlsx,*.xlsm,*.xltx,*.xltm,*.xlsb,*.wk1,*.wks,*.123,*.dif,*.sdc,*.dbf,*.slk,*.uos,*.pxl,*.wb2,*.ppt,*.pps,*.pot,*.pptx,*.pptm,*.potx,*.potm,*.sdd,*.sdp,*.uop,*.cgm,*.pdf,*.wpt,*.et,*.ett,*.dpt,*.dps,*.ods,*.odp,*.odg</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>4</Id><ext>*.3g,*.3gp,*.3gpp,*.avi,*.divx,*.dv,*.f4v,*.flv,*.m2ts,*.m4v,*.mkv,*.mod,*.mov,*.mp4,*.mpe,*.mpeg,*.mpeg4,*.mpg,*.mts,*.nsv,*.ogm,*.ogv,*.qt,*.tod,*.ts,*.vob,*.wmv,*.rm,*.rmvb,*.ifo,*.asx,*.swf,*.mpv,*.mpa</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>8</Id><ext>*.raw,*.wmp,*.tif,*.tiff,*.pict,*.cdr,*.bmp,*.gif,*.jpeg,*.jpg,*.ofx,*.pub,*.ps,*.psd,*.qxd,*.png,*.eps,*.dwg,*.dxf,*.ico,*.indd,*.iges,*.cr2,*.ai,*.3ds,*.pcx,*.sgv,*.wmf,*.met,*.pgm,*.ras,*.svm,*.xbm,*.emf,*.pbm,*.plt,*.sda,*.tga,*.xpm,*.pcd,*.pct,*.ppm,*.sgf,*.pck,*.wpg</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>16</Id><ext>*.wma,*.ses,*.ram,*.m4a,*.m4b,*.m4p,*.mid,*.midi,*.mp2,*.mp3,*.mso,*.ogg,*.cda,*.all,*.amr,*.ape,*.asf,*.aif,*.aiff,*.au,*.audiocd,*.dm,*.dss,*.dvf,*.wav</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>32</Id><ext>*.eml</ext><path><string>RB_OSDRIVE</string></path></ssi><ssi><Id>64</Id><ext>*.mny,*.qbw,*.qel,*.qsd,*.qph,*.qbb,*.tax,*.t01,*.t02,*.t03,*.t04,*.t05,*.t06,*.t07,*.t08,*.t09,*.qdf,*.tax2009,*.001,*.247,*.500,*.900,*.989,*.tcp,*.tsf,*.tsm,*.bds,*.sys,*.mdf,*.ldf,*.bkp,*.db,*.cs,*.qbm,*.qbo,*.des,*.qbr,*.qwc,*.qbstbl2.usa,*.qbx,*.qba,*.qby,*.qbj,*
.qsm,*.qss,*.qst</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>128</Id><ext>*.azw.?,*.mobi,*.epub</ext><path><string>RB_ALLDRIVES</string></path></ssi></ArrayOfSsi>)|ntuser\.dat(.+?)|ntuser\.pol(.+?)|usrclass\.dat(.+?)|desktop\.ini|\~\$(.+?)|\.\~(.+?)</item></ir><ir><Id>4</Id><item>index\.dat</item></ir><ir><Id>5</Id><item>lnk</item></ir><ir><Id>6</Id><item>edb|tmp|log|ini|pf|chk|lo_|crmlog|bak|dmp|hdmp|mdmp|wab\~|vmc|vhd|vo1|vo2|vsv|vud|vmdk|vmsn|vmsd|hdd|vdi|vmwarevm|nvram|vmx|vmem|iso|dmg|sparseimage|dl_|wim|113|\$\$|\$db|abf|abk|afm|ani|ann|bac|bck|bcm|bdb|bdf|bkf|bmk|bsc|cab|cf1|chq|chw|cnt|com|cpl|ffl|cur|dev|dfont|drv|eot|evt|evtx|ffa|ffo|ffx|fnt|fon|ftg|fts|fxp|gid|grp|hxi|hxq|hxr|hxs|idb|idx|ilk|img|ins|ipf|isp|its|jar|jse|kbd|kext|lex|lib|lwfn|msc|msm|msp|mst|ncb|nt|obj|obs|old|ost|otf|pch|pfa|pfb|pfm|plist|pnf|pol|pref|prf|prg|prn|pwl|rdb|rll|rox|sbr|scf|scr|sdb|shb|suit|swp|sys|theme|tms|ttc|v2i|vbe|vga|vgd|vxd|win|wpk|db</item></ir><ir><Id>7</Id><listItem><Item><Key><string>:\documents and settings\SYSTEM_USER_
                                Source: Binary string: RBClientService.pdb( source: RBClientService.exe, 00000036.00000002.3281787479.0000000001432000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: RBClientService.pdb source: RBClientService.exe, 00000036.00000002.3281787479.0000000001432000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: STBackupclient.pdb source: RightBackup.exe, RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmp
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exe Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exe Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File opened: C:\Users\user
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File opened: C:\Users\user\AppData\Roaming
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File opened: C:\Users\user\AppData
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer

                                Networking

                                Source: Traffic Snort IDS: 2809549 ETPRO MALWARE PUP Win32.Systweak.K Retrieving External IP 192.168.2.5:49706 -> 157.245.131.96:80
                                Source: Yara match File source: 51.2.RightBackup.exe.60d0000.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 51.0.RightBackup.exe.d90000.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: C:\Program Files (x86)\Right Backup\is-7Q60P.tmp, type: DROPPED
                                Source: Yara match File source: C:\Program Files (x86)\Right Backup\is-6ESI6.tmp, type: DROPPED
                                Source: Yara match File source: C:\Program Files (x86)\Right Backup\is-RSVNH.tmp, type: DROPPED
                                Source: Yara match File source: C:\Program Files (x86)\Right Backup\is-K8A67.tmp, type: DROPPED
                                Source: global trafficHTTP traffic detected: GET /rightbackup/notifier/update.asp?utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=&productid=10929&macid=4904161585493398696 HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /rightbackup/notifier/notifier_rb.asp?utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=&productid=10929&macid=4904161585493398696 HTTP/1.1Content-Type: application/jsonHost: activate123.comConnection: Close
                                Source: global trafficHTTP traffic detected: GET /rightbackup/update.asp?utm_source=SecuriteInfo.com.Program.Unwanted.5412.9308.3353&utm_medium=newbuild&utm_campaign=SecuriteInfo.com.Program.Unwanted.5412.9308.3353&utm_content=None&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=RightBackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=MicrosoftWindows10Pro&ram=8.00GB&model=avlwOHo2&procr=Intel(R)Core(TM)2CPU6600@2.40GHz&ibv=0&iev=0&pxl=RB_DEF_PIXEL&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&OfferType=1&sn=SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /sorry/index?continue=http://www.google.com/&q=EgRRtTk0GO7bhrEGIjCETCh9UtZYlspzRqjPwiNRWOfzR7PdEmdaI2i22-n8z8tywl1DtL93if4xmfly0tkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.com
                                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
                                Source: global trafficHTTP traffic detected: GET /sorry/index?continue=http://www.google.com/&q=EgRRtTk0GO_bhrEGIjBicapeUPPORed_k7SaohNnnaEUzA_nA6L1WELRTq_i0fpuMUuxRz1Zkh1zrha3hF0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.com
                                Source: global trafficHTTP traffic detected: GET /sorry/index?continue=http://www.google.com/&q=EgRRtTk0GPvbhrEGIjD9CNYptdrUpkXnpROC2ijQf6k6DnUYpw8oBI7X3BhHAzL9qBXXme4pJbt_UQaZysAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.com
                                Source: global trafficHTTP traffic detected: GET /sorry/index?continue=http://www.google.com/&q=EgRRtTk0GP3bhrEGIjDXJz3M4S1TfDaN5vCHPwS6yS7tx5yyoQn_AeiAlVlkM0Jcx90RBY8TAkDhaTcBrCAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.com
                                Source: Joe Sandbox View IP Address: 104.17.24.14
                                Source: Joe Sandbox View IP Address: 23.108.29.119
                                Source: Joe Sandbox View ASN Name: DIGITALOCEAN-ASNUS
                                Source: Joe Sandbox View JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                                Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                                Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                                Source: global trafficHTTP traffic detected: GET /getipaddress.asp HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: www.rightbackup.com
                                Source: global trafficHTTP traffic detected: GET /getipaddress.asp/ HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: www.rightbackup.comCookie: _csrf=9neg0FpgTGUOd2ewIHKGlIcI
                                Source: global trafficHTTP traffic detected: GET /ip?ip=81.181.57.52 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: wkrn9i3f01.execute-api.us-east-1.amazonaws.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /afterinstall.aspx?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: www.rightbackup.com
                                Source: global trafficHTTP traffic detected: GET /afterinstall.aspx/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: www.rightbackup.comCookie: _csrf=flbBQWxD6ddzUsgfFkhaov60
                                Source: global trafficHTTP traffic detected: GET /after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: www.rightbackup.comCookie: _csrf=flbBQWxD6ddzUsgfFkhaov60
                                Source: global trafficHTTP traffic detected: GET /css/after/typography.css HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.rightbackup.comConnection: Keep-AliveCookie: _csrf=flbBQWxD6ddzUsgfFkhaov60
                                Source: global trafficHTTP traffic detected: GET /css/afterpages.css HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.rightbackup.comConnection: Keep-AliveCookie: _csrf=flbBQWxD6ddzUsgfFkhaov60
                                Source: global trafficHTTP traffic detected: GET /website/rightbackup/images/afterinstall_ss_windows_notms.png HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: cdn.systweak.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: cdnjs.cloudflare.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /website/rightbackup/images/logo.png HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: cdn.systweak.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /trservice.js HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: trackingapi.systweak.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /css/modal.css HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.rightbackup.comConnection: Keep-AliveCookie: _csrf=flbBQWxD6ddzUsgfFkhaov60
                                Source: global trafficHTTP traffic detected: GET /js/tracking.js HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.rightbackup.comConnection: Keep-AliveCookie: _csrf=flbBQWxD6ddzUsgfFkhaov60
                                Source: global trafficHTTP traffic detected: GET /website/rightbackup/images/my-account-btn.png HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: cdn.systweak.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /website/rightbackup/images/start-bck-btn.png HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: cdn.systweak.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /website/rightbackup/images/afterinstall_upload.png HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: cdn.systweak.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /js/common.js HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.rightbackup.comConnection: Keep-AliveCookie: _csrf=flbBQWxD6ddzUsgfFkhaov60
                                Source: global trafficHTTP traffic detected: GET /website/rightbackup/images/free_space_cloud_poup.png HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: cdn.systweak.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /website/rightbackup/images/login_icon.png HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: cdn.systweak.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /website/rightbackup/images/os_icon.png HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: cdn.systweak.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: OPTIONS /trservice/trackpixel?params=ttype%3D4%26cpst%3D0%26x-btn%3Dafter-install_Load%26x-browser%3DIE%26x-plt%3DWindows%2010%26productId%3D10929%26x-content%3Dafterinstall%26x-term%3Dsetup%26x-source%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26x-campaign%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26x-medium%3Dnewbuild%26x-lip%3D%26x-pxl%3Drb_def_pixel%26x-bdts%3D12072023%252019%253A39%253A21%26x-instdts%3D19042024%252001%253A33%253A01%26x-affiliate%3D%26utm_content%3Dafterinstall%26utm_term%3Dsetup%26utm_source%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_campaign%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_medium%3Dnewbuild%26lip%3D%26pxl%3Drb_def_pixel%26bdts%3D12072023%252019%253A39%253A21%26instdts%3D19042024%252001%253A33%253A01%26affiliate%3D%26newrb%3D1%26page%3Dinstall%26isreg%3D0%26isexpired%3D0%26dis%3D0%26space%3D0%26pname%3Drightbackup%26firstinstall%3D1%26langcode%3Den%26pver%3D2.1.1001.154%26macid%3D4904161585493398696%26instdatetime%3D%26productid%3D10929%26pid%3D10929%26os%3Dmicrosoftwindows10pro%26ram%3D8.00gb%26model%3Davlwoho2%26procr%3Dintel(r)core(tm)2cpu6600%25402.40ghz%26ibv%3D0%26iev%3D11%26offertype%3D1%26sn%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353.exe%26CurrentPagePath%3Dwww.rightbackup.com%2Fafter-install%2F%26referrerUrl%3D&_=1713763142552 HTTP/1.1Accept: */*Origin: https://www.rightbackup.comAccess-Control-Request-Method: GETAccess-Control-Request-Headers: content-type, acceptAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s1kegmsmob.execute-api.us-east-1.amazonaws.comContent-Length: 0Connection: Keep-AliveCache-Control: no-cache
                                Source: global trafficHTTP traffic detected: GET /website/rightbackup/images/1x1.png HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: cdn.systweak.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /pagead/viewthroughconversion/942863319/?random=1713795359245&cv=11&fst=1713795359245&bg=ffffff&guid=ON&async=1&gtm=45be44f0v889458153za200&gcd=13l3l3l3l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.rightbackup.com%2Fafter-install%2F%3Fnewrb%3D1%26utm_content%3Dafterinstall%26utm_term%3Dsetup%26page%3Dinstall%26utm_source%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_campaign%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_medium%3Dnewbuild%26affiliateid%3D%26isreg%3D0%26isexpired%3D0%26dis%3D0%26space%3D0%26pname%3Drightbackup%26firstinstall%3D1%26langcode%3Den%26pver%3D2.1.1001.154%26macid%3D4904161585493398696%26lip%3D%26instdatetime%3D%26productid%3D10929%26pid%3D10929%26os%3Dmicrosoftwindows10pro%26ram%3D8.00gb%26model%3Davlwoho2%26procr%3Dintel(r)core(tm)2cpu6600%402.4&hn=www.googleadservices.com&frm=0&tiba=Thankyou%20for%20Installing%20Right%20Backup!&npa=0&pscdl=noapi&auid=1607475134.1713795359&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 
googleads.g.doubleclick.netConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /pagead/viewthroughconversion/11088213923/?random=1713798043237&cv=11&fst=1713798043237&bg=ffffff&guid=ON&async=1&gtm=45be44f0v889458153za200&gcd=13l3l3l3l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.rightbackup.com%2Fafter-install%2F%3Fnewrb%3D1%26utm_content%3Dafterinstall%26utm_term%3Dsetup%26page%3Dinstall%26utm_source%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_campaign%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_medium%3Dnewbuild%26affiliateid%3D%26isreg%3D0%26isexpired%3D0%26dis%3D0%26space%3D0%26pname%3Drightbackup%26firstinstall%3D1%26langcode%3Den%26pver%3D2.1.1001.154%26macid%3D4904161585493398696%26lip%3D%26instdatetime%3D%26productid%3D10929%26pid%3D10929%26os%3Dmicrosoftwindows10pro%26ram%3D8.00gb%26model%3Davlwoho2%26procr%3Dintel(r)core(tm)2cpu6600%402.4&hn=www.googleadservices.com&frm=0&tiba=Thankyou%20for%20Installing%20Right%20Backup!&npa=0&pscdl=noapi&auid=1607475134.1713795359&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 
googleads.g.doubleclick.netConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /trservice/trackpixel?params=ttype%3D4%26cpst%3D0%26x-btn%3Dafter-install_Load%26x-browser%3DIE%26x-plt%3DWindows%2010%26productId%3D10929%26x-content%3Dafterinstall%26x-term%3Dsetup%26x-source%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26x-campaign%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26x-medium%3Dnewbuild%26x-lip%3D%26x-pxl%3Drb_def_pixel%26x-bdts%3D12072023%252019%253A39%253A21%26x-instdts%3D19042024%252001%253A33%253A01%26x-affiliate%3D%26utm_content%3Dafterinstall%26utm_term%3Dsetup%26utm_source%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_campaign%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_medium%3Dnewbuild%26lip%3D%26pxl%3Drb_def_pixel%26bdts%3D12072023%252019%253A39%253A21%26instdts%3D19042024%252001%253A33%253A01%26affiliate%3D%26newrb%3D1%26page%3Dinstall%26isreg%3D0%26isexpired%3D0%26dis%3D0%26space%3D0%26pname%3Drightbackup%26firstinstall%3D1%26langcode%3Den%26pver%3D2.1.1001.154%26macid%3D4904161585493398696%26instdatetime%3D%26productid%3D10929%26pid%3D10929%26os%3Dmicrosoftwindows10pro%26ram%3D8.00gb%26model%3Davlwoho2%26procr%3Dintel(r)core(tm)2cpu6600%25402.40ghz%26ibv%3D0%26iev%3D11%26offertype%3D1%26sn%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353.exe%26CurrentPagePath%3Dwww.rightbackup.com%2Fafter-install%2F%26referrerUrl%3D&_=1713763142552 HTTP/1.1Content-Type: application/json; charset=utf-8Accept: application/json, text/javascript, */*; q=0.01Referer: 
https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHOrigin: https://www.rightbackup.comAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: s1kegmsmob.execute-api.us-east-1.amazonaws.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/11088213923/?random=1713798043237&cv=11&fst=1713798000000&bg=ffffff&guid=ON&async=1&gtm=45be44f0v889458153za200&gcd=13l3l3l3l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.rightbackup.com%2Fafter-install%2F%3Fnewrb%3D1%26utm_content%3Dafterinstall%26utm_term%3Dsetup%26page%3Dinstall%26utm_source%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_campaign%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_medium%3Dnewbuild%26affiliateid%3D%26isreg%3D0%26isexpired%3D0%26dis%3D0%26space%3D0%26pname%3Drightbackup%26firstinstall%3D1%26langcode%3Den%26pver%3D2.1.1001.154%26macid%3D4904161585493398696%26lip%3D%26instdatetime%3D%26productid%3D10929%26pid%3D10929%26os%3Dmicrosoftwindows10pro%26ram%3D8.00gb%26model%3Davlwoho2%26procr%3Dintel(r)core(tm)2cpu6600%402.4&frm=0&tiba=Thankyou%20for%20Installing%20Right%20Backup!&npa=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwB7FLtq9BFqBzQ6EDa2_43YU_KInaGcGJtB3Q&random=774164256&rmt_tld=0&ipr=y HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 
www.google.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/942863319/?random=1713795359245&cv=11&fst=1713794400000&bg=ffffff&guid=ON&async=1&gtm=45be44f0v889458153za200&gcd=13l3l3l3l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.rightbackup.com%2Fafter-install%2F%3Fnewrb%3D1%26utm_content%3Dafterinstall%26utm_term%3Dsetup%26page%3Dinstall%26utm_source%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_campaign%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_medium%3Dnewbuild%26affiliateid%3D%26isreg%3D0%26isexpired%3D0%26dis%3D0%26space%3D0%26pname%3Drightbackup%26firstinstall%3D1%26langcode%3Den%26pver%3D2.1.1001.154%26macid%3D4904161585493398696%26lip%3D%26instdatetime%3D%26productid%3D10929%26pid%3D10929%26os%3Dmicrosoftwindows10pro%26ram%3D8.00gb%26model%3Davlwoho2%26procr%3Dintel(r)core(tm)2cpu6600%402.4&frm=0&tiba=Thankyou%20for%20Installing%20Right%20Backup!&npa=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwB7FLtqNfeJrqLQrEhbuyTjKUCmIwG0bHjIlA&random=3903080233&rmt_tld=0&ipr=y HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 
www.google.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /getipaddress.asp HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.rightbackup.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /getipaddress.asp/ HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: www.rightbackup.comCookie: _csrf=9neg0FpgTGUOd2ewIHKGlIcI
                                Source: global trafficHTTP traffic detected: GET /afterinstall.aspx?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.rightbackup.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /afterinstall.aspx/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: www.rightbackup.comCookie: _csrf=flbBQWxD6ddzUsgfFkhaov60
                                Source: unknownHTTPS traffic detected: 165.227.176.158:443 -> 192.168.2.5:49723 version: TLS 1.0
                                Source: unknownHTTPS traffic detected: 165.227.176.158:443 -> 192.168.2.5:49764 version: TLS 1.0
                                Source: unknownHTTPS traffic detected: 165.227.176.158:443 -> 192.168.2.5:49771 version: TLS 1.0
                                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                                Source: global trafficHTTP traffic detected: GET /getipaddress.asp HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: www.rightbackup.com
                                Source: global trafficHTTP traffic detected: GET /ip?ip=81.181.57.52 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: wkrn9i3f01.execute-api.us-east-1.amazonaws.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /rightbackup/notifier/update.asp?utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=&productid=10929&macid=4904161585493398696 HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /afterinstall.aspx?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: www.rightbackup.com
                                Source: global trafficHTTP traffic detected: GET /after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe HTTP/1.1Accept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: www.rightbackup.comCookie: _csrf=flbBQWxD6ddzUsgfFkhaov60
                                Source: global trafficHTTP traffic detected: GET /css/after/typography.css HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.rightbackup.comConnection: Keep-AliveCookie: _csrf=flbBQWxD6ddzUsgfFkhaov60
                                Source: global trafficHTTP traffic detected: GET /css/afterpages.css HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.rightbackup.comConnection: Keep-AliveCookie: _csrf=flbBQWxD6ddzUsgfFkhaov60
                                Source: global trafficHTTP traffic detected: GET /website/rightbackup/images/afterinstall_ss_windows_notms.png HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: cdn.systweak.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Accept: */*Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exeAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: cdnjs.cloudflare.comConnection: Keep-Alive
Source: RightBackup.exe, 00000035.00000002.2411253559.0000000005293000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: <!--<object classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93" width= "231" height="196"><param name="movie" value="http://www.youtube.com/v/R-6-6VOnwrA&theme=light"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/R-6-6VOnwrA&theme=light" type="application/x-shockwave-flash" allowfullscreen="true" width="231" height="196" allowscriptaccess="always"></embed></object> equals www.youtube.com (Youtube)
Source: unknown; DNS traffic detected: queries for: www.rightbackup.com
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2020923280.00000000029A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2023332301.000000007FE2C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2532729098.000000000018C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2020923280.00000000029A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2023332301.000000007FE2C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2532729098.000000000018C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                                Source: RightBackup.exe, 00000035.00000002.2411253559.00000000050EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.systweak.com/
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A83000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2493502977.0000000007490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.000000000366A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cdn.systweak.com/setups/df/NDP452.exe
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2020923280.00000000029A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2023332301.000000007FE2C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2532729098.000000000018C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0V
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2020923280.00000000029A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2023332301.000000007FE2C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2532729098.000000000018C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45codesignca2020.crl0
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2020923280.00000000029A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2023332301.000000007FE2C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2532729098.000000000018C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2475382796.0000000007630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawtePCA.crl0
                                Source: svchost.exe, 00000034.00000002.3273170597.0000021143400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2020923280.00000000029A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2023332301.000000007FE2C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2532729098.000000000018C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2020923280.00000000029A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2023332301.000000007FE2C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2532729098.000000000018C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2020923280.00000000029A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2023332301.000000007FE2C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2532729098.000000000018C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2475382796.0000000007630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cs-g2-crl.thawte.com/ThawteCSG2.crl0
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A00000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cyworld.nate.com/nuclear_mine
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A83000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.0000000003740000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.000000000366A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://d1.rightbackup.com/paraminfo/?param=
                                Source: RightBackup.exe, 00000035.00000002.2463550102.000000000BD97000.00000004.08000000.00040000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2456554663.000000000AA68000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.0000000005293000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dynamicdrive.com/notice.htm
                                Source: svchost.exe, 00000034.00000003.2306387977.0000021143190000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                                Source: RightBackup.exe, 00000035.00000002.2463550102.000000000BBF0000.00000004.08000000.00040000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.000000000463B000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000047B4000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2456554663.000000000A8C1000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000050EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://flowplayer.org/tools/
                                Source: RightBackup.exe, 00000033.00000002.2317125677.00000000051AB000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000050DE000.00000004.00000800.00020000.00000000.sdmp, RBClientService.exe, 00000036.00000002.3317227560.0000000002121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://localhost:8000/RightBackup/serviceXnet.pipe://localhost/RightBackup/CloudServerBhttp://localh
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2020923280.00000000029A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2023332301.000000007FE2C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2532729098.000000000018C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2020923280.00000000029A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2023332301.000000007FE2C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2532729098.000000000018C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2020923280.00000000029A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2023332301.000000007FE2C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2532729098.000000000018C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2020923280.00000000029A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2023332301.000000007FE2C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2532729098.000000000018C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2020923280.00000000029A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2023332301.000000007FE2C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2532729098.000000000018C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45codesignca20200V
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2020923280.00000000029A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2023332301.000000007FE2C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2532729098.000000000018C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/rootr30;
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2475382796.0000000007630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
                                Source: RightBackup.exe, 00000033.00000002.2317125677.0000000005081000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://rightbackup.com/PrivacyPolicy#EULA
                                Source: RightBackup.exe, 00000033.00000002.2317125677.0000000005081000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://rightbackup.com/PrivacyPolicy#PrivacyPolicyFucAbout
                                Source: RightBackup.exe, 00000033.00000002.2317125677.0000000005081000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://rightbackup.com/UninstallGuideLines
                                Source: RBClientService.exe, 00000036.00000002.3281787479.0000000001536000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org
                                Source: RBClientService.exe, 00000036.00000002.3281787479.0000000001536000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                                Source: RBClientService.exe, 00000036.00000002.3281787479.0000000001536000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/IPCCommunication
                                Source: RBClientService.exe, 00000036.00000002.3281787479.0000000001536000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/IPCCommunicationd
                                Source: RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmp, RBClientService.exe, 00000036.00000002.3281787479.0000000001536000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/RightBackupService
                                Source: RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/RightBackupService&
                                Source: RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/RightBackupService(
                                Source: RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/RightBackupService1
                                Source: RBClientService.exe, 00000036.00000002.3281787479.0000000001536000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/RightBackupService8
                                Source: RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/RightBackupServiceT
                                Source: RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/RightBackupServiceY
                                Source: RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/RightBackupServiceZ
                                Source: RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/RightBackupService_
                                Source: RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/RightBackupServiceb
                                Source: RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/RightBackupServicec
                                Source: RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmp, RBClientService.exe, 00000036.00000002.3281787479.0000000001536000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/RightBackupServiced
                                Source: RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/RightBackupServicee
                                Source: RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/RightBackupServicef
                                Source: RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/RightBackupServiceg
                                Source: RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/RightBackupServiceh
                                Source: RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/RightBackupServicek
                                Source: RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/RightBackupServiceo
                                Source: RBClientService.exe, 00000036.00000002.3281787479.0000000001536000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/STBackupclient.Engine.DataParser
                                Source: RBClientService.exe, 00000036.00000002.3281787479.0000000001536000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/STBackupclient.Engine.DataParserd
                                Source: RightBackup.exe, 00000033.00000002.2350454510.000000000813D000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2443898050.0000000007F28000.00000004.00000800.00020000.00000000.sdmp, RBClientService.exe, 00000036.00000002.3281787479.00000000014D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                                Source: RightBackup.exe, 00000033.00000002.2310466576.00000000039D7000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2397017671.00000000038E7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                                Source: RightBackup.exe, 00000033.00000002.2350454510.000000000813D000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2443898050.0000000007F28000.00000004.00000800.00020000.00000000.sdmp, RBClientService.exe, 00000036.00000002.3281787479.00000000014D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                                Source: RightBackup.exe, 00000033.00000002.2350454510.000000000813D000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2443898050.0000000007F28000.00000004.00000800.00020000.00000000.sdmp, RBClientService.exe, 00000036.00000002.3281787479.00000000014D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                                Source: RightBackup.exe, 00000033.00000002.2350454510.000000000813D000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2443898050.0000000007F28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                                Source: RBClientService.exe, 00000036.00000002.3281787479.00000000014D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultL
                                Source: RBClientService.exe, 00000036.00000002.3281787479.00000000014D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                                Source: RightBackup.exe, 00000033.00000002.2310466576.00000000039D7000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2397017671.00000000038E7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                Source: RightBackup.exe, 00000033.00000002.2310466576.00000000039D7000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2397017671.00000000038E7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2020923280.00000000029A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2023332301.000000007FE2C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2532729098.000000000018C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2020923280.00000000029A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2023332301.000000007FE2C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2532729098.000000000018C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt0=
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2020923280.00000000029A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2023332301.000000007FE2C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2532729098.000000000018C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
                                Source: RightBackup.exe, 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: http://sqlite.phxsoftware.com
                                Source: RightBackup.exe, 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: http://sqlite.phxsoftware.comn#
                                Source: RBClientService.exe, 00000036.00000002.3271955890.00000000007D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://support.microsoft.coZ
                                Source: RBClientService.exe, 00000036.00000002.3271955890.00000000007D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://support.sys
                                Source: RBClientService.exe, 00000036.00000002.3281787479.0000000001178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://support.systweak.com/rb.php
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2475382796.0000000007630000.00000004.00001000.00020000.00000000.sdmp, RightBackup.exe, 00000033.00000000.2282852815.0000000000D92000.00000002.00000001.01000000.0000000A.sdmp, RightBackup.exe, 00000035.00000002.2443898050.0000000007F28000.00000004.00000800.00020000.00000000.sdmp, RBClientService.exe, 00000036.00000002.3281787479.00000000014D9000.00000004.00000800.00020000.00000000.sdmp, RBClientService.exe, 00000036.00000002.3281787479.0000000001536000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2475382796.0000000007630000.00000004.00001000.00020000.00000000.sdmp, RightBackup.exe, 00000033.00000000.2282852815.0000000000D92000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://tempuri.org/$
                                Source: RightBackup.exe, 00000033.00000002.2350454510.000000000813D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/4
                                Source: RBClientService.exe, 00000036.00000002.3281787479.0000000001536000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/:NetNamedPipeBinding4
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2475382796.0000000007630000.00000004.00001000.00020000.00000000.sdmp, RightBackup.exe, 00000033.00000000.2282852815.0000000000D92000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://tempuri.org/GetUserDetailsT
                                Source: RBClientService.exe, 00000036.00000002.3281787479.00000000014D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/IBackupRequest/
                                Source: RBClientService.exe, 00000036.00000002.3281787479.00000000014D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/IBackupRequest/CustomBackupResumeRequestLR
                                Source: RightBackup.exe, 00000035.00000002.2443898050.0000000007F0D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://updateservice1.systweak.com/stofflineactivation/getkeycode.aspx8
                                Source: RightBackup.exe, 00000035.00000002.2463550102.000000000BBF0000.00000004.08000000.00040000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.000000000463B000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000047B4000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2456554663.000000000A8C1000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000050EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ws1a.systweak.com/
                                Source: RightBackup.exe, 00000035.00000002.2463550102.000000000BBF0000.00000004.08000000.00040000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.000000000463B000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000047B4000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2456554663.000000000A8C1000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000050EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ws1b.systweak.com/
                                Source: RightBackup.exe, 00000035.00000002.2463550102.000000000BBF0000.00000004.08000000.00040000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.000000000463B000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000047B4000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2456554663.000000000A8C1000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000050EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ws1c.systweak.com/
                                Source: RightBackup.exe, 00000035.00000002.2463550102.000000000BBF0000.00000004.08000000.00040000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.000000000463B000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000047B4000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2456554663.000000000A8C1000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000050EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ws1d.systweak.com/
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A00000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dk-soft.org/
                                Source: RightBackup.exe, 00000035.00000002.2463550102.000000000BD97000.00000004.08000000.00040000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2456554663.000000000AA68000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.0000000005293000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.dynamicdrive.com)
                                Source: RightBackup.exe, 00000035.00000002.2463550102.000000000BD97000.00000004.08000000.00040000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2456554663.000000000AA68000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.0000000005293000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.dynamicdrive.com/dynamicindex5/popinfo3.htm
                                Source: RightBackup.exe, 00000033.00000002.2317125677.0000000005081000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.0000000005095000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/collect?v=1&tid=UA-46722188-1&cid=
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2475382796.0000000007630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.istool.org/
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2475382796.0000000007630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.istool.org/isxdl.aspx
                                Source: RightBackup.exe, RightBackup.exe, 00000033.00000002.2349213712.0000000007530000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.opengis.net/gml
                                Source: RightBackup.exe, 00000033.00000002.2349213712.0000000007530000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.opengis.net/gml(SqlServerSpatial.dll
                                Source: RightBackup.exe, 00000035.00000002.2463550102.000000000BBF0000.00000004.08000000.00040000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.000000000463B000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000047B4000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2456554663.000000000A8C1000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000050EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.opensource.org/licenses/mit-license.php
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2475382796.0000000007630000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.radarsync.com/
                                Source: RBClientService.exe, 00000036.00000002.3271955890.00000000007D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.coj
                                Source: RBClientService.exe, 00000036.00000002.3281787479.0000000001178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com
                                Source: RightBackup.exe, 00000035.00000002.2443898050.00000000081B3000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2455989481.000000000A5C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/6http://www.rightbackup.com/
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A83000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.000000000366A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/?
                                Source: RBClientService.exe, 00000036.00000002.3281787479.0000000001178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/ForgotPassword?email=
                                Source: RBClientService.exe, 00000036.00000002.3281787479.0000000001178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/PlanPricing/
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A83000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2493502977.00000000074D7000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.000000000366A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/Policy#PrivacyPolicy
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A83000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2493502977.00000000074D7000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.000000000366A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/Policy#TermsOfUse
                                Source: RightBackup.exe, 00000033.00000002.2317125677.0000000005081000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.0000000005095000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/afterinstall.aspx?
                                Source: RBClientService.exe, 00000036.00000002.3271955890.00000000007D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/afterinstall.aspx?newrb=
                                Source: RightBackup.exe, 00000033.00000002.2310466576.0000000003DBA000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2397017671.0000000003CC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/afterinstall.aspx?newrb=1
                                Source: RightBackup.exe, 00000033.00000002.2310466576.0000000003DEA000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2397017671.0000000003CF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/afterinstall.aspx?newrb=1&amp&utm_content=AfterInstall&amp&
                                Source: RBClientService.exe, 00000036.00000002.3281787479.0000000001178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/afterinstall.aspx?newrb=1&amp;utm_content=AfterInstall&amp;
                                Source: RightBackup.exe, 00000033.00000002.2310466576.0000000003DBA000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2397017671.0000000003CCA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/afterinstall.aspx?newrb=1&utm_content
                                Source: RightBackup.exe, 00000033.00000002.2310466576.00000000039D7000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000033.00000002.2310466576.0000000003DBA000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000033.00000002.2310466576.0000000003DEA000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2397017671.00000000038E7000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2397017671.0000000003CCA000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2397017671.0000000003CF4000.00000004.00000800.00020000.00000000.sdmp, RBClientService.exe, 00000036.00000002.3281787479.0000000001178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/afterinstall.aspx?newrb=1&utm_content=AfterInstall&
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.000000000366A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/afterinstall.aspx?newrb=1&utm_content=AfterInstall&utm_term=Setup&page=in
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A83000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.0000000003722000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.000000000366A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/afteruninstall.aspx?utm_source=
                                Source: RightBackup.exe, 00000033.00000002.2317125677.0000000005081000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.0000000005095000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/afterupdate.aspx?
                                Source: RightBackup.exe, 00000033.00000002.2317125677.0000000005081000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.000000000506C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/afterupdate.aspx?newrb=1&Z
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A83000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.000000000366A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/afterupdate.aspx?newrb=1&utm_content=AfterUpdate&utm_term=Setup&page=inst
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A83000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.000000000366A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/afterupdate.aspx?newrb=1&utm_content=AfterUpdate&utm_term=Setup&page=upda
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A83000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.000000000366A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/afterupdate.aspx?utm_content=AfterUpdate&utm_term=Setup&page=Update&utm_s
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A83000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.000000000366A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/afterupdate.aspx?utm_content=AfterUpdate&utm_term=Setup&page=Update&utm_u
                                Source: RBClientService.exe, 00000036.00000002.3281787479.0000000001178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/autologin/
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A83000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.000000000366A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/autologin/?
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A83000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.000000000366A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/autologin/?renew=1&
                                Source: RBClientService.exe, 00000036.00000002.3281787479.0000000001178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/changepwd/?q=
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A83000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.000000000366A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/eula?showlic=1&lang=
                                Source: RBClientService.exe, 00000036.00000002.3281787479.0000000001178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/firstscanned.asp
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A83000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.0000000003740000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2075715937.000000000097F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.000000000366A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2524242378.0000000000983000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2219769120.0000000000987000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2535108341.000000000090E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/getipaddress.asp
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2060653608.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2219769120.0000000000999000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2075715937.0000000000994000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2524242378.00000000009A0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2535108341.000000000090E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/getipaddress.asp/
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2219769120.0000000000999000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2075715937.0000000000994000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2524242378.00000000009A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/getipaddress.asp/4
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2219769120.0000000000999000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2075715937.0000000000994000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2524242378.00000000009A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/getipaddress.asp/u
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2535108341.000000000090E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/getipaddress.asp8
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2535108341.000000000090E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/getipaddress.aspH
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2075715937.000000000097F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2524242378.0000000000983000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2219769120.0000000000987000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/getipaddress.aspS
                                Source: RightBackup.exe, 00000035.00000002.2397017671.0000000003CCA000.00000004.00000800.00020000.00000000.sdmp, RBClientService.exe, 00000036.00000002.3354195957.0000000003F30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rightbackup.com/rbfeedbackservice/RBFeedbackService.asmx
                                Source: RBClientService.exe, 00000036.00000002.3281787479.0000000001178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.systweak.com
                                Source: RightBackup.exe, 00000033.00000002.2317125677.0000000005081000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.000000000506C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.systweak.com/NagTracking.aspxt
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A00000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.yildizyazilim.gen.tr%1
                                Source: RightBackup.exe, 00000035.00000002.2411253559.0000000005293000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.youtube.com/v/R-6-6VOnwrA&theme=light
                                Source: RightBackup.exe, 00000035.00000002.2463550102.000000000BBF0000.00000004.08000000.00040000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.000000000463B000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000047B4000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2456554663.000000000A8C1000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000050EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://y31uv4ra1.vo.llnwd.net/
                                Source: RightBackup.exe, 00000033.00000002.2317125677.0000000005081000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://blogs.systweak.com/2017/05/hello-world-brace-yourself-for-wannacry-ransomware-attack/#howtop

                                Spam, unwanted Advertisements and Ransom Demands

                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\Service1
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\Service1

                                System Summary

                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe PE Signature Subject Chain: CN=Systweak Software, O=Systweak Software, L=Jaipur, S=Rajasthan, C=IN
                                Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Systweak
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Systweak\Right Backup
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Systweak\Right Backup\2.1.1000.154
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 53_2_033C5C2053_2_033C5C20
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 53_2_05DA12C953_2_05DA12C9
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 53_2_0634054053_2_06340540
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 53_2_0634615053_2_06346150
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 53_2_0634588053_2_06345880
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 53_2_0634B67053_2_0634B670
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 53_2_0634B66853_2_0634B668
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 53_2_0634053053_2_06340530
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 53_2_0634F53153_2_0634F531
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 53_2_0634553853_2_06345538
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 53_2_0634F54053_2_0634F540
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 53_2_06362B7853_2_06362B78
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 53_2_0640F88853_2_0640F888
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 53_2_0A5B3A5F53_2_0A5B3A5F
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 53_2_0A5B9A9F53_2_0A5B9A9F
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 53_2_0A5B9AA053_2_0A5B9AA0
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeCode function: 54_2_00AC0C7054_2_00AC0C70
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeCode function: 54_2_00ACC5F854_2_00ACC5F8
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeCode function: 54_2_00ACDB6854_2_00ACDB68
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeCode function: 54_2_0363B2F854_2_0363B2F8
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeCode function: 54_2_0363DAC854_2_0363DAC8
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeCode function: 54_2_03634C9954_2_03634C99
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeCode function: 54_2_0377DB7054_2_0377DB70
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeCode function: 54_2_037747E054_2_037747E0
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeCode function: 54_2_037747D054_2_037747D0
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeCode function: 54_2_0377DB6054_2_0377DB60
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeCode function: 54_2_037708E854_2_037708E8
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeCode function: 54_2_037708D854_2_037708D8
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeCode function: 54_2_0393F94854_2_0393F948
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeCode function: 54_2_0393F60054_2_0393F600
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeCode function: 54_2_0509459854_2_05094598
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeCode function: 54_2_0509964054_2_05099640
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeCode function: 54_2_0509722854_2_05097228
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeCode function: 54_2_05098EC854_2_05098EC8
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeCode function: 54_2_062A004054_2_062A0040
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: String function: 06AA2CA4 appears 47 times
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: String function: 06AA1B5F appears 38 times
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
                                Source: is-RHSP2.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000000.2016819124.00000000004D7000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileNamerbsetup_.exe vs SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000AD8000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2020923280.00000000029A0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileNamerbsetup_.exe vs SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2023332301.000000007FE2C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileNamerbsetup_.exe vs SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                Source: is-UGSPB.tmp.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                Source: is-UGSPB.tmp.2.dr, cbtKQk324LOwJIhU2bwm.csCryptographic APIs: 'CreateDecryptor'
                                Source: RightBackup.exe, 00000033.00000002.2350454510.000000000813D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: .sln@\]q
                                Source: RightBackup.exe, 00000035.00000002.2411253559.0000000005095000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: .air .c".xml&.rar'.c++).c#+.iso-.java/.xls1.xlsx2.avi4.mp45.mov6.swf8.fla9.dll<.bat=.h?.jsA.psdC.pddD.psbE.phpG.packageH.php2I.php3J.php4K.php5L.php6M.phpprojN.phprO.phprgP.phprjQ.phpsR.jpgT.jpegU.gifV.pngW.tiffX.bmpY.ppt[.py].rb_.wava.wmab.midic.m4ad.mp3e.txtg.htmlh.inii.logj.rtfk.dmgm.aio.aitp.epsq.cdrr.slnt.suou.docw.docxnucRestoreCustomSelection|CreateDictFileExt_FileType|{0}
                                Source: classification engineClassification label: mal46.phis.troj.evad.winEXE@83/408@9/10
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A38180 GetLastError,FormatMessageA,sqlite3_snprintf,51_2_06A38180
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A37E20 GetDiskFreeSpaceW,GetDiskFreeSpaceA,51_2_06A37E20
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpFile created: C:\Program Files (x86)\Right Backup
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpFile created: C:\Users\user\AppData\Local\Programs
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3380:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2132:120:WilError_03
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeMutant created: \BaseNamedObjects\Global\cbackuplogmutexRBFileUploadLog
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\cbackuplogmutexRBFileUploadLog
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3184:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6152:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2180:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6156:120:WilError_03
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeMutant created: \BaseNamedObjects\Global\cbackupdatamutex
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3276:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6304:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5660:120:WilError_03
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeMutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Right Backup
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeMutant created: \Sessions\1\BaseNamedObjects\Global\RightBackup_E9AC93B9-E733-40A8-9338-47A4909521B7
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeMutant created: NULL
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2148:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3288:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3396:120:WilError_03
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpMutant created: \Sessions\1\BaseNamedObjects\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Right Backup_setup
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3560:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2820:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3624:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4856:120:WilError_03
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\cbackupdatamutex
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeMutant created: \Sessions\1\BaseNamedObjects\Global\cbackuplogmutexRBNotifier_OutOfMemorylog
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6136:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1680:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:736:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4980:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3652:120:WilError_03
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exeFile created: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
                                Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "RBClientService.exe")
                                Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "RightBackup.exe")
                                Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "RBNotifier.exe")
                                Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "RBClientService.exe")
                                Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
                                Source: C:\Windows\SysWOW64\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "RBClientService.exe")
                                Source: C:\Windows\SysWOW64\schtasks.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "RightBackup.exe")
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpFile read: C:\Users\user\Desktop\desktop.ini
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
                                Source: RightBackup.exe, 00000035.00000002.2411253559.00000000050D3000.00000004.00000800.00020000.00000000.sdmp, RBClientService.exe, 00000036.00000002.3317227560.0000000002121000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [{0}] ( settingid integer PRIMARY KEY autoincrement, [key] varchar(100),[value] varchar(255)) ;t
                                Source: RightBackup.exe, 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                                Source: RightBackup.exe, 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: create table %_segdir( level integer, idx integer, start_block integer, leaves_end_block integer, end_block integer, root blob, primary key(level, idx));
                                Source: RightBackup.exe, 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
                                Source: RightBackup.exe, 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                                Source: RightBackup.exe, 00000033.00000002.2317125677.00000000051AB000.00000004.00000800.00020000.00000000.sdmp, RBClientService.exe, 00000036.00000002.3317227560.0000000002121000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [{0}] ( [FileId] integer PRIMARY KEY autoincrement, [LogDate] varchar(100), [FileLocation] varchar(260), [RestoreLocation] varchar(260), FileSize bigint, [Status] int, [SummaryId] int, udi int , ufi int ) ;$
                                Source: RightBackup.exe, 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
                                Source: RightBackup.exe, 00000033.00000002.2317125677.00000000051AB000.00000004.00000800.00020000.00000000.sdmp, RBClientService.exe, 00000036.00000002.3317227560.0000000002121000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [{0}] ( [FileId] integer PRIMARY KEY autoincrement, [Signature] blob, [SignatureLength] bigint, [FilePathCrc] bigint) ;
                                Source: RightBackup.exe, 00000033.00000002.2317125677.00000000051AB000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000050BF000.00000004.00000800.00020000.00000000.sdmp, RBClientService.exe, 00000036.00000002.3317227560.0000000002121000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [{0}] ( [FileId] integer PRIMARY KEY autoincrement, [LogDate] varchar(100), [FilePath] varchar(260), [Status] int,FileSize bigint, [SummaryId] int ) ;DCREATE TABLE IF NOT EXISTS [{0}] (
                                Source: RightBackup.exe, 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: create table %_segments( blockid INTEGER PRIMARY KEY, block blob);
                                Source: RightBackup.exe, 00000033.00000002.2310466576.0000000003E39000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [Settings] ( settingid integer PRIMARY KEY autoincrement, [key] varchar(100),[value] varchar(255)) ;
                                Source: RightBackup.exe, 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                                Source: RightBackup.exe, 00000033.00000002.2310466576.00000000039D7000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000033.00000002.2317125677.00000000051AB000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000050D3000.00000004.00000800.00020000.00000000.sdmp, RBClientService.exe, 00000036.00000002.3317227560.0000000002121000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [{0}] ( [MachineName] varchar(100),[UserMachineId] integer , [TotalFiles] bigint, [TotalFilesSize] bigint , [MachineType] integer, LastBackupDate varchar(50));
                                Source: RightBackup.exe, 00000033.00000002.2317125677.00000000051AB000.00000004.00000800.00020000.00000000.sdmp, RBClientService.exe, 00000036.00000002.3317227560.0000000002121000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [{0}] ( [MPUId] integer PRIMARY KEY autoincrement, [MPUResumeData] blob ) ;
                                Source: RightBackup.exe, 00000033.00000002.2317125677.00000000051AB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [{0}] ( settingid integer PRIMARY KEY autoincrement, [key] varchar(100),[value] varchar(255)) ;
                                Source: RightBackup.exe, 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';'FROM sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
                                Source: RightBackup.exe, 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                                Source: RightBackup.exeString found in binary or memory: ms-help://MS.VSCC.v90
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe
                                Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe"
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exeProcess created: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp "C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp" /SL5="$10474,14009033,878592,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe"
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe"
                                Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"
                                Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"
                                Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe"
                                Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"
                                Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe"
                                Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RBNotifier.exe"
                                Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"
                                Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe"
                                Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"
                                Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe"
                                Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"
                                Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe"
                                Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RBNotifier.exe"
                                Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"
                                Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierRight Backup" /f
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierRight Backup_startup" /f
                                Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "Right BackupNotifier" /f
                                Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "Right BackupNotifier_startup" /f
                                Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "Right BackupNotifier_trigger" /f
                                Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierRight Backup_WD" /f
                                Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Program Files (x86)\Right Backup\RightBackup.exe "C:\Program Files (x86)\Right Backup\RightBackup.exe" loadvalues
                                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Program Files (x86)\Right Backup\RightBackup.exe "C:\Program Files (x86)\Right Backup\RightBackup.exe" install
                                Source: unknownProcess created: C:\Program Files (x86)\Right Backup\RBClientService.exe "C:\Program Files (x86)\Right Backup\RBClientService.exe"
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Program Files (x86)\Right Backup\RightBackup.exe "C:\Program Files (x86)\Right Backup\RightBackup.exe" firstinstall -autoscanafterinstall -fireurlsilently
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Program Files (x86)\Right Backup\RBNotifier.exe "C:\Program Files (x86)\Right Backup\RBNotifier.exe" createschedule -fireurlsilently
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeProcess created: C:\Program Files (x86)\Right Backup\RightBackup.exe "C:\Program Files (x86)\Right Backup\RightBackup.exe" loadvalues
                                Source: unknownProcess created: C:\Program Files (x86)\Right Backup\RightBackup.exe "C:\Program Files (x86)\Right Backup\RightBackup.exe" autolaunch
                                Source: unknownProcess created: C:\Program Files (x86)\Right Backup\RBNotifier.exe "C:\Program Files (x86)\Right Backup\RBNotifier.exe" neweventtrigger
                                Source: unknownProcess created: C:\Program Files (x86)\Right Backup\RBNotifier.exe "C:\Program Files (x86)\Right Backup\RBNotifier.exe" startup
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpSection loaded: twinapi.appcore.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpSection loaded: explorerframe.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpSection loaded: sfc.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpSection loaded: sfc_os.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpSection loaded: linkinfo.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpSection loaded: ntshrui.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpSection loaded: cscapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpSection loaded: apphelp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpSection loaded: pcacli.dllJump to behavior
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll
                                Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll
                                Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: mscoree.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: uxtheme.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: mscorjit.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: cryptsp.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: rsaenh.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: cryptbase.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: mscorjit.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: wbemcomn.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: amsi.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: userenv.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: rasapi32.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: rasman.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: rtutils.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: mswsock.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: winhttp.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: iphlpapi.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: dhcpcsvc.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: dwrite.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
                                Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: mscoree.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: uxtheme.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: mscorjit.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: cryptsp.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: rsaenh.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: cryptbase.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: mscorjit.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: wbemcomn.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: amsi.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: userenv.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: dwrite.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: msasn1.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: gpapi.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: windowscodecs.dll
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeSection loaded: mscoree.dll
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeSection loaded: mscorjit.dll
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeSection loaded: cryptsp.dll
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeSection loaded: rsaenh.dll
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeSection loaded: cryptbase.dll
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeSection loaded: mscorjit.dll
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeSection loaded: wbemcomn.dll
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeSection loaded: amsi.dll
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeSection loaded: userenv.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: mscoree.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: uxtheme.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: mscorjit.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: cryptsp.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: rsaenh.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: cryptbase.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: mscorjit.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: wbemcomn.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: amsi.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: userenv.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: dwrite.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: msasn1.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: gpapi.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: windowscodecs.dll
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeSection loaded: propsys.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\InProcServer32
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpFile written: C:\Users\user\AppData\Roaming\Systweak\Right Backup\ipini.ini
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpWindow found: window name: TMainForm
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpAutomated click: Next
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpAutomated click: Next
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpAutomated click: I accept the agreement
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpAutomated click: Next
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpAutomated click: I accept the agreement
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpAutomated click: Next
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
                                Source: Window RecorderWindow detected: More than 3 window changes detected
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exeStatic PE information: certificate valid
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exeStatic file information: File size 14973712 > 1048576
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                Source: Binary string: *.odt,*.ott,*.oth,*.odm,*.sxw,*.stw,*.sxg,*.doc,*.dot,*.docx,*.docm,*.dotx,*.dotm,*.wpd,*.wps,*.rtf,,*.csv,*.sdw,*.sgl,*.vor,*.uot,*.uof,*.jtd,*.jtt,*.hwp,*.602,*.pdb,*.psw,*.xls,*.xlw,*.xlt,*.xlsx,*.xlsm,*.xltx,*.xltm,*.xlsb,*.wk1,*.wks,*.123,*.dif,*.sdc,*.dbf,*.slk,*.uos,*.pxl,*.wb2,*.ppt,*.pps,*.pot,*.pptx,*.pptm,*.potx,*.potm,*.sdd,*.sdp,*.uop,*.cgm,*.pdf,*.wpt,*.et,*.ett,*.dpt,*.dps,*.ods,*.odp,*.odg source: RightBackup.exe, 00000033.00000002.2350454510.0000000008175000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000033.00000002.2317125677.00000000051AB000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000033.00000002.2310466576.0000000003D6E000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000033.00000002.2350454510.0000000008226000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000033.00000002.2350454510.00000000080B1000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2443898050.0000000007EB1000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2397017671.0000000003C6D000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000050D8000.00000004.00000800.00020000.00000000.sdmp, RBClientService.exe, 00000036.00000002.3317227560.0000000002121000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: RightBackup.pdb source: RightBackup.exe, 00000033.00000000.2282852815.0000000000D92000.00000002.00000001.01000000.0000000A.sdmp
                                Source: Binary string: <?xml version="1.0" encoding="utf-8"?><ArrayOfSsi xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><ssi><Id>1</Id><ext>RB_DESKTOP</ext><path><string>RB_OSDRIVE_ALLDESKTOP</string></path></ssi><ssi><Id>2</Id><ext>*.odt,*.ott,*.oth,*.odm,*.sxw,*.stw,*.sxg,*.doc,*.dot,*.docx,*.docm,*.dotx,*.dotm,*.wpd,*.wps,*.rtf,,*.csv,*.sdw,*.sgl,*.vor,*.uot,*.uof,*.jtd,*.jtt,*.hwp,*.602,*.pdb,*.psw,*.xls,*.xlw,*.xlt,*.xlsx,*.xlsm,*.xltx,*.xltm,*.xlsb,*.wk1,*.wks,*.123,*.dif,*.sdc,*.dbf,*.slk,*.uos,*.pxl,*.wb2,*.ppt,*.pps,*.pot,*.pptx,*.pptm,*.potx,*.potm,*.sdd,*.sdp,*.uop,*.cgm,*.pdf,*.wpt,*.et,*.ett,*.dpt,*.dps,*.ods,*.odp,*.odg</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>4</Id><ext>*.3g,*.3gp,*.3gpp,*.avi,*.divx,*.dv,*.f4v,*.flv,*.m2ts,*.m4v,*.mkv,*.mod,*.mov,*.mp4,*.mpe,*.mpeg,*.mpeg4,*.mpg,*.mts,*.nsv,*.ogm,*.ogv,*.qt,*.tod,*.ts,*.vob,*.wmv,*.rm,*.rmvb,*.ifo,*.asx,*.swf,*.mpv,*.mpa</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>8</Id><ext>*.raw,*.wmp,*.tif,*.tiff,*.pict,*.cdr,*.bmp,*.gif,*.jpeg,*.jpg,*.ofx,*.pub,*.ps,*.psd,*.qxd,*.png,*.eps,*.dwg,*.dxf,*.ico,*.indd,*.iges,*.cr2,*.ai,*.3ds,*.pcx,*.sgv,*.wmf,*.met,*.pgm,*.ras,*.svm,*.xbm,*.emf,*.pbm,*.plt,*.sda,*.tga,*.xpm,*.pcd,*.pct,*.ppm,*.sgf,*.pck,*.wpg</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>16</Id><ext>*.wma,*.ses,*.ram,*.m4a,*.m4b,*.m4p,*.mid,*.midi,*.mp2,*.mp3,*.mso,*.ogg,*.cda,*.all,*.amr,*.ape,*.asf,*.aif,*.aiff,*.au,*.audiocd,*.dm,*.dss,*.dvf,*.wav</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>32</Id><ext>*.eml</ext><path><string>RB_OSDRIVE</string></path></ssi><ssi><Id>64</Id><ext>*.mny,*.qbw,*.qel,*.qsd,*.qph,*.qbb,*.tax,*.t01,*.t02,*.t03,*.t04,*.t05,*.t06,*.t07,*.t08,*.t09,*.qdf,*.tax2009,*.001,*.247,*.500,*.900,*.989,*.tcp,*.tsf,*.tsm,*.bds,*.sys,*.mdf,*.ldf,*.bkp,*.db,*.cs,*.qbm,*.qbo,*.des,*.qbr,*.qwc,*.qbstbl2.usa,*.qbx,*.qba,*.qby,*.qbj,*
.qsm,*.qss,*.qst</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>128</Id><ext>*.azw.?,*.mobi,*.epub</ext><path><string>RB_ALLDRIVES</string></path></ssi></ArrayOfSsi> source: RightBackup.exe, 00000033.00000002.2350454510.0000000008175000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000033.00000002.2310466576.0000000003D6E000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000033.00000002.2350454510.0000000008226000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2397017671.0000000003C6D000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: Microsoft.SqlServer.Types.pdb source: RightBackup.exe, RightBackup.exe, 00000033.00000002.2349213712.0000000007530000.00000002.00000001.01000000.0000000E.sdmp
                                Source: Binary string: d:\Regclean Pro\rcp\src\UpdateDownload\src\Release\update.pdb source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2475382796.0000000007630000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: <?xml version="1.0" encoding="utf-8"?><ArrayOfSsi xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><ssi><Id>1</Id><ext>RB_DESKTOP</ext><path><string>RB_OSDRIVE_ALLDESKTOP</string></path></ssi><ssi><Id>2</Id><ext>*.odt,*.ott,*.oth,*.odm,*.sxw,*.stw,*.sxg,*.doc,*.dot,*.docx,*.docm,*.dotx,*.dotm,*.wpd,*.wps,*.rtf,,*.csv,*.sdw,*.sgl,*.vor,*.uot,*.uof,*.jtd,*.jtt,*.hwp,*.602,*.pdb,*.psw,*.xls,*.xlw,*.xlt,*.xlsx,*.xlsm,*.xltx,*.xltm,*.xlsb,*.wk1,*.wks,*.123,*.dif,*.sdc,*.dbf,*.slk,*.uos,*.pxl,*.wb2,*.ppt,*.pps,*.pot,*.pptx,*.pptm,*.potx,*.potm,*.sdd,*.sdp,*.uop,*.cgm,*.pdf,*.wpt,*.et,*.ett,*.dpt,*.dps,*.ods,*.odp,*.odg</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>4</Id><ext>*.3g,*.3gp,*.3gpp,*.avi,*.divx,*.dv,*.f4v,*.flv,*.m2ts,*.m4v,*.mkv,*.mod,*.mov,*.mp4,*.mpe,*.mpeg,*.mpeg4,*.mpg,*.mts,*.nsv,*.ogm,*.ogv,*.qt,*.tod,*.ts,*.vob,*.wmv,*.rm,*.rmvb,*.ifo,*.asx,*.swf,*.mpv,*.mpa</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>8</Id><ext>*.raw,*.wmp,*.tif,*.tiff,*.pict,*.cdr,*.bmp,*.gif,*.jpeg,*.jpg,*.ofx,*.pub,*.ps,*.psd,*.qxd,*.png,*.eps,*.dwg,*.dxf,*.ico,*.indd,*.iges,*.cr2,*.ai,*.3ds,*.pcx,*.sgv,*.wmf,*.met,*.pgm,*.ras,*.svm,*.xbm,*.emf,*.pbm,*.plt,*.sda,*.tga,*.xpm,*.pcd,*.pct,*.ppm,*.sgf,*.pck,*.wpg</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>16</Id><ext>*.wma,*.ses,*.ram,*.m4a,*.m4b,*.m4p,*.mid,*.midi,*.mp2,*.mp3,*.mso,*.ogg,*.cda,*.all,*.amr,*.ape,*.asf,*.aif,*.aiff,*.au,*.audiocd,*.dm,*.dss,*.dvf,*.wav</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>32</Id><ext>*.eml</ext><path><string>RB_OSDRIVE</string></path></ssi><ssi><Id>64</Id><ext>*.mny,*.qbw,*.qel,*.qsd,*.qph,*.qbb,*.tax,*.t01,*.t02,*.t03,*.t04,*.t05,*.t06,*.t07,*.t08,*.t09,*.qdf,*.tax2009,*.001,*.247,*.500,*.900,*.989,*.tcp,*.tsf,*.tsm,*.bds,*.sys,*.mdf,*.ldf,*.bkp,*.db,*.cs,*.qbm,*.qbo,*.des,*.qbr,*.qwc,*.qbstbl2.usa,*.qbx,*.qba,*.qby,*.qbj,*
.qsm,*.qss,*.qst</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>128</Id><ext>*.azw.?,*.mobi,*.epub</ext><path><string>RB_ALLDRIVES</string></path></ssi></ArrayOfSsi>)|ntuser\.dat(.+?)|ntuser\.pol(.+?)|usrclass\.dat(.+?)|desktop\.ini|\~\$(.+?)|\.\~(.+?)</item></ir><ir><Id>4</Id><item>index\.dat</item></ir><ir><Id>5</Id><item>lnk</item></ir><ir><Id>6</Id><item>edb|tmp|log|ini|pf|chk|lo_|crmlog|bak|dmp|hdmp|mdmp|wab\~|vmc|vhd|vo1|vo2|vsv|vud|vmdk|vmsn|vmsd|hdd|vdi|vmwarevm|nvram|vmx|vmem|iso|dmg|sparseimage|dl_|wim|113|\$\$|\$db|abf|abk|afm|ani|ann|bac|bck|bcm|bdb|bdf|bkf|bmk|bsc|cab|cf1|chq|chw|cnt|com|cpl|ffl|cur|dev|dfont|drv|eot|evt|evtx|ffa|ffo|ffx|fnt|fon|ftg|fts|fxp|gid|grp|hxi|hxq|hxr|hxs|idb|idx|ilk|img|ins|ipf|isp|its|jar|jse|kbd|kext|lex|lib|lwfn|msc|msm|msp|mst|ncb|nt|obj|obs|old|ost|otf|pch|pfa|pfb|pfm|plist|pnf|pol|pref|prf|prg|prn|pwl|rdb|rll|rox|sbr|scf|scr|sdb|shb|suit|swp|sys|theme|tms|ttc|v2i|vbe|vga|vgd|vxd|win|wpk|db</item></ir><ir><Id>7</Id><listItem><Item><Key><string>:\documents and settings\SYSTEM_USER_
                                Source: Binary string: RBClientService.pdb( source: RBClientService.exe, 00000036.00000002.3281787479.0000000001432000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: <?xml version="1.0" encoding="utf-8"?><ArrayOfSsi xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><ssi><Id>1</Id><ext>RB_DESKTOP</ext><path><string>RB_OSDRIVE_ALLDESKTOP</string></path></ssi><ssi><Id>2</Id><ext>*.odt,*.ott,*.oth,*.odm,*.sxw,*.stw,*.sxg,*.doc,*.dot,*.docx,*.docm,*.dotx,*.dotm,*.wpd,*.wps,*.rtf,,*.csv,*.sdw,*.sgl,*.vor,*.uot,*.uof,*.jtd,*.jtt,*.hwp,*.602,*.pdb,*.psw,*.xls,*.xlw,*.xlt,*.xlsx,*.xlsm,*.xltx,*.xltm,*.xlsb,*.wk1,*.wks,*.123,*.dif,*.sdc,*.dbf,*.slk,*.uos,*.pxl,*.wb2,*.ppt,*.pps,*.pot,*.pptx,*.pptm,*.potx,*.potm,*.sdd,*.sdp,*.uop,*.cgm,*.pdf,*.wpt,*.et,*.ett,*.dpt,*.dps,*.ods,*.odp,*.odg</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>4</Id><ext>*.3g,*.3gp,*.3gpp,*.avi,*.divx,*.dv,*.f4v,*.flv,*.m2ts,*.m4v,*.mkv,*.mod,*.mov,*.mp4,*.mpe,*.mpeg,*.mpeg4,*.mpg,*.mts,*.nsv,*.ogm,*.ogv,*.qt,*.tod,*.ts,*.vob,*.wmv,*.rm,*.rmvb,*.ifo,*.asx,*.swf,*.mpv,*.mpa</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>8</Id><ext>*.raw,*.wmp,*.tif,*.tiff,*.pict,*.cdr,*.bmp,*.gif,*.jpeg,*.jpg,*.ofx,*.pub,*.ps,*.psd,*.qxd,*.png,*.eps,*.dwg,*.dxf,*.ico,*.indd,*.iges,*.cr2,*.ai,*.3ds,*.pcx,*.sgv,*.wmf,*.met,*.pgm,*.ras,*.svm,*.xbm,*.emf,*.pbm,*.plt,*.sda,*.tga,*.xpm,*.pcd,*.pct,*.ppm,*.sgf,*.pck,*.wpg</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>16</Id><ext>*.wma,*.ses,*.ram,*.m4a,*.m4b,*.m4p,*.mid,*.midi,*.mp2,*.mp3,*.mso,*.ogg,*.cda,*.all,*.amr,*.ape,*.asf,*.aif,*.aiff,*.au,*.audiocd,*.dm,*.dss,*.dvf,*.wav</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>32</Id><ext>*.eml</ext><path><string>RB_OSDRIVE</string></path></ssi><ssi><Id>64</Id><ext>*.mny,*.qbw,*.qel,*.qsd,*.qph,*.qbb,*.tax,*.t01,*.t02,*.t03,*.t04,*.t05,*.t06,*.t07,*.t08,*.t09,*.qdf,*.tax2009,*.001,*.247,*.500,*.900,*.989,*.tcp,*.tsf,*.tsm,*.bds,*.sys,*.mdf,*.ldf,*.bkp,*.db,*.cs,*.qbm,*.qbo,*.des,*.qbr,*.qwc,*.qbstbl2.usa,*.qbx,*.qba,*.qby,*.qbj,*
.qsm,*.qss,*.qst</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>128</Id><ext>*.azw.?,*.mobi,*.epub</ext><path><string>RB_ALLDRIVES</string></path></ssi></ArrayOfSsi>4 source: RightBackup.exe, 00000033.00000002.2350454510.0000000008175000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000033.00000002.2310466576.0000000003D6E000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000033.00000002.2350454510.0000000008226000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2397017671.0000000003C6D000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: RBClientService.pdb source: RBClientService.exe, 00000036.00000002.3281787479.0000000001432000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: STBackupclient.pdb source: RightBackup.exe, RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmp

                                Data Obfuscation

                                Source: is-UGSPB.tmp.2.dr, cbtKQk324LOwJIhU2bwm.cs .Net Code: Type.GetTypeFromHandle(iOg7Uw3DXC8ruAaV1awe.PBneew8733y(16777402)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(iOg7Uw3DXC8ruAaV1awe.PBneew8733y(16777253)),Type.GetTypeFromHandle(iOg7Uw3DXC8ruAaV1awe.PBneew8733y(16777312))})
                                Source: is-S4F4B.tmp.2.dr Static PE information: 0xD994BC09 [Tue Sep 4 00:55:37 2085 UTC]
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: 51_2_06AB0457 __decode_pointer,LoadLibraryA,GetProcAddress,__encode_pointer,InterlockedExchange,FreeLibrary,51_2_06AB0457
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe Static PE information: section name: .didata
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp.0.dr Static PE information: section name: .didata
                                Source: is-RHSP2.tmp.2.dr Static PE information: section name: .didata
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp Code function: 2_2_0384FD0C push eax; iretd 2_2_0384FD0D
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp Code function: 2_2_0384FC5C push eax; iretd 2_2_0384FC5D
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: 51_2_06AA2CE9 push ecx; ret 51_2_06AA2CFC
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: 51_2_06A38C12 push ss; ret 51_2_06A38C14
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: 51_2_06A57CD1 push esp; ret 51_2_06A57CD3
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: 51_2_075367D5 push es; retf 51_2_075367D6
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: 51_2_075367F1 push es; iretd 51_2_075367F2
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: 51_2_0753765C pushad ; iretd 51_2_0753765E
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: 51_2_01C5455D pushad ; retf 51_2_01C5456D
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: 53_2_0334455D pushad ; retf 53_2_0334456D
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: 53_2_033CBB44 push E8001713h; ret 53_2_033CBB49
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: 53_2_05DA8088 push esp; ret 53_2_05DA808C
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: 53_2_05DA806D push ebp; ret 53_2_05DA806E
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: 53_2_05DA8287 push cs; ret 53_2_05DA828A
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: 53_2_0634F210 push esp; iretd 53_2_0634F219
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: 53_2_064015F8 push es; ret 53_2_064062C0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: 53_2_06403D01 push esi; ret 53_2_06403D07
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: 53_2_0A5B71E4 push edx; iretd 53_2_0A5B71F5
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: 53_2_0A5B762E push ss; retf 53_2_0A5B7631
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: 53_2_0A5BDD63 push E802005Eh; ret 53_2_0A5BDD69
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Code function: 54_2_00AC40BE pushfd ; iretd 54_2_00AC40C1
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Code function: 54_2_00AC4D01 push esi; ret 54_2_00AC4D07
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Code function: 54_2_00AC4FA5 push FFFFFFB8h; ret 54_2_00AC4FA7
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Code function: 54_2_0377D3F1 push eax; ret 54_2_0377D403
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Code function: 54_2_037C3D01 push esi; ret 54_2_037C3D07
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Code function: 54_2_0397314F push ss; iretd 54_2_03973152
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Code function: 54_2_0509D2FF pushfd ; iretd 54_2_0509D309
                                Source: is-UGSPB.tmp.2.dr Static PE information: section name: .text entropy: 7.385587662436242
                                Source: is-UGSPB.tmp.2.dr, HKUy2h3DLH2GLViXieqA.csHigh entropy of concatenated method names: 'URx3Np47n92', 'Ynj3NkRSCEA', 'a243N8pU5be', 'gAu3NGwdVFN', 'PKx3NKUnJIQ', 'LkA3N3JrTa1', 'Lyc3NeLSXTl', 'd5N3NrpV4gR', 'euI3NW9ug4W', 'meE3Ntebd0h'
                                Source: is-UGSPB.tmp.2.dr, jfKoi030SHw1XpR1n1ML.csHigh entropy of concatenated method names: 'InitializeLifetimeService', 'p5230bl70W8', 'kRW30VSNBhw', 'H4C30yJiQqO', 'C0f30xdARZ2', 'SkoV7C3YW1fcJV2iSQyf', 'Wi19NE3Ye8L4Ehnh9T4P', 'CkC5Qq3YrEnOGZyEEZxJ', 'voXvdk3YtP1bBsKEnaX4', 'ilUclZ3YfMNOZgY46bxZ'
                                Source: is-UGSPB.tmp.2.dr, T4uWjX3Nff9gTpboS1TK.csHigh entropy of concatenated method names: 'GVI3hGI0CJT', 'AXy3hK8ibg3', 'vD73h3l0rtR', 'd843he6vAvY', 'B2c3hrcvryB', 'PsN3hWGXTQY', 'oY03htqSxyL', 'qPo3NvkP0wR', 'OQ83hfVghZk', 'sRL3hH3M399'
                                Source: is-UGSPB.tmp.2.dr, cbtKQk324LOwJIhU2bwm.csHigh entropy of concatenated method names: 'zqgnAN3CGLN9bM2GUl22', 'BexVFc3CKtv43AXcGTG9', 'b3x3DREMIUJ', 'WdSIYV3CW9BAsD0q7Fgv', 'rjk9ir3Ct2eA93AFVi34', 'Dk9Xn73CfQQCMUHHja6Y', 'w7fLLm3CH0WuCe6YLE7E', 'akuvji3ClRgL9oCFPZGQ', 'Jtw2FD3CJcYbmQY53Pif', 'uoNncA3CnYHPFIlyBG0b'
                                Source: is-UGSPB.tmp.2.dr, MarshalByRefType.csHigh entropy of concatenated method names: 'SomeMethod', 'SomeMethodStatic', 'SF3lbw3wwlFYIB9VGqIV', 'CZenG53wYMrUn9t8QiLm', 'yhQFXr3wu6njvAd4JPYi', 'YrRVJl3wZV7H3xDtEIBl', 'Cto8kC3w9urjVTPE586u', 'Emnc4S3wCN0DrwQOpbZw', 'AN4MYa3wc2j33Zy4W2LP', 'yEFXBs3w7Lqb9aHmQU0Z'
                                Source: is-UGSPB.tmp.2.dr, cRBClientService.csHigh entropy of concatenated method names: 'SystemEvents_PowerModeChanged', 'OnStart', 'OnStop', 'OnPowerEvent', 'OnSessionChange', 'l8a3s7TBWaA', 'Hwl3szOfGkg', 'FtC30pjoM9b', 'Tlr30k6EUbC', 'ACI308X0qKH'
                                Source: is-UGSPB.tmp.2.dr, Module1.csHigh entropy of concatenated method names: 'MainEx', 'AVoNZU3wIurrhoe0U6KV', 'iOTN9P3wPweIk8wIyHos', 'ayZaLt3wAbgjNIgJ1OFU', 'dBPYIp3wiT0OCADsA6kc', 'TAdOvL3wqTgijU2wWWAD', 'jHV5lx3wasD9Q6OWBJsg', 'eqhwiH3wB8xqHGCQieX5', 'IxPnhQ3wd0hZjMUWLnaR', 'lQOvoR3wTrM42Zamj4cY'
                                Source: is-UGSPB.tmp.2.dr, cMainWorker.csHigh entropy of concatenated method names: 'StartClientWorker', 'OnStart', 'OnStop', 'gk63sLvhQpM', 'JlT3s5kr4sy', 'kA03smH2Gvv', 'CDt3swNMEQG', 'RhO3sYVgCTJ', 'avI3sulheuu', 'Y3N3sZjRfU5'
                                Source: is-UGSPB.tmp.2.dr, ProjectInstaller.csHigh entropy of concatenated method names: 'Dispose', 'HnK30IrHeBg', 'a1kqQv3YIZ6ypmWsYrd9', 'Ytk4nO3YQ9kAqa20F9ff', 'WVWbhY3Y1txkmetkYbUB', 'NdsXsa3YPT2R3caSHixg', 'EhRb5j3YAF7Ll7vV23dc', 'wLxj693YiRmT5Z7WtuIP', 'oGiRyg3YqSy7tDxj5ce5', 'klBMo63Ya2dGdZ8uqeTu'
                                Source: is-UGSPB.tmp.2.dr, Resources.csHigh entropy of concatenated method names: 'E9ihWx3YEA3pXXJgLUf7', 'W9dujY3Y0fI7SgS7CF82', 'YtmFs73Y2qkH45Dul8xc', 'UcCbKD3YDkwLlyYAh9sg', 'qK88HV3YNGlrVmBKAyP4', 'av2iBR3YoSJt5tFnSgHW', 'DhB71B3YXUr8cOS0HAAd', 'HD4p7r3Y4or7GOatpjfW'
                                Source: is-UGSPB.tmp.2.dr, cBackupRequestServer.csHigh entropy of concatenated method names: 'InitServer', 'sJU30XcLOnA', 'ix9304KqtoZ', 'DsjBEW3Y9VaBNqY2l9Hd', 'hLZJrV3YC74uRxA3ydjn', 'z875rW3Yc6MoiyPOa277', 'HIJsqC3Y7W3KZyMoOw4h', 'YvpvmA3YzMvwVSVDRsRD', 'b82yro3YuFwkNEsu9tkc', 'Q0GoxV3YZSS8xw2Kf8kV'
                                Source: is-UGSPB.tmp.2.dr, kHKdSG32DqHlIQdh9s1v.csHigh entropy of concatenated method names: 'hA0eeLHGA4t', 'r5A4Fh39wPyySMYRlpXU', 'h1hedC39YqEF7sek4EFo', 'DaiEIh39u1iY0FK3LhL0', 'LH8tEC3956oVCS1PruKi', 'pFpYvJ39mkErhgMlSol9', 'bly8w039ZTcaILwtib5S', 'aGVlnx3997wumhapC9PV', 'a4HDGG39CX34bZ3ZanmK', 'WTXKLG39ctvUA9JxpBlE'
                                Source: is-UGSPB.tmp.2.dr, nJye2O30UVR9mBVNkU7h.csHigh entropy of concatenated method names: 'c9k30FTZouH', 'hcg306u9Eba', 'o8i30QydFqB', 'fJ4301hCsxp', 'zpU6bX3Ynjbyl6hPRQ4H', 'PBgqDR3YSVStj6sYHLow', 'SDRecr3Ygshs04Kv4sUX', 'v8IDwh3Yb8ywTYnkqCcX', 'LtPqF93YVHXOqak4EirE', 'zJWt7F3YyujuJ2rn4iYY'
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\is-RSVNH.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\AppResource.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\is-C7UUC.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\System.Threading.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\is-RHSP2.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Users\user\AppData\Local\Temp\is-468CM.tmp\isxdl.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\is-GEL0D.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\STBackupclient.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\is-2DNNP.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\HtmlRenderer.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\Microsoft.SqlServer.Types.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\is-1OA4D.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\Microsoft.Win32.TaskScheduler.DLL (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\System.Data.SQLite.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\is-ILJ84.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\is-VKH9R.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\unins000.exe (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\is-U9DNA.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\FSLibRsyncWrapper.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\is-UGSPB.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\Interop.IWshRuntimeLibrary.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\RightBackup.exe (copy)
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe File created: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\is-R278I.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\is-GR5UV.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\notifierlib.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\is-S4F4B.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\RBClientService.exe (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\is-7Q60P.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\AWSSDK.S3.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\is-86NQ8.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\System.Core.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\SevenZipSharp.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\System.Runtime.Serialization.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\is-GQNVN.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\is-65K01.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\System.Data.DataSetExtensions.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Users\user\AppData\Local\Temp\is-468CM.tmp\_isetup\_setup64.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\is-K8A67.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\is-A8JFA.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\AWSSDK.Core.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\RBNotifier.exe (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\Program Files (x86)\Right Backup\is-6ESI6.tmp

                                Boot Survival

                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierRight Backup" /f
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup\Right Backup.lnk
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup\Uninstall Right Backup.lnk
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband FavoritesResolve
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exe Process information set: NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select name, macaddress from Win32_NetworkAdapter where netconnectionid<>NULL and macaddress<>NULL and Manufacturer <> 'Microsoft' AND NOT PNPDeviceID LIKE 'ROOT\\%'
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter WHERE (MACAddress IS NOT NULL) AND (NOT (PNPDeviceID LIKE 'ROOT%')) AND (NOT (PNPDeviceID LIKE 'USB%'))
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 1C50000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 3680000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 5680000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 3300000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 3590000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 33A0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeMemory allocated: AC0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeMemory allocated: 1120000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeMemory allocated: E90000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 3410000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 3440000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 5440000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: F240000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: FEF0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: FC20000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 13720000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 138C0000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 13980000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 13A20000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 13BD0000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 13C50000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 13EF0000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 13F90000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 14030000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 140F0000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 14130000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 14290000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 14430000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 14540000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 14660000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 149A0000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 149C0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 149E0000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 14A00000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 14A20000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 14A40000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 14C40000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 14C60000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 14D60000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 14D80000 memory commit | memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 14DA0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 14DC0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeMemory allocated: 770000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeMemory allocated: 2570000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeMemory allocated: AF0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 14B0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 2F80000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 4F80000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 3360000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 35C0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeMemory allocated: 33F0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeMemory allocated: 11C0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeMemory allocated: 2B60000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeMemory allocated: 4B60000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeMemory allocated: 1470000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeMemory allocated: 2E70000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeMemory allocated: 2DA0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 53_2_0A5B3A5F rdtsc 53_2_0A5B3A5F
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2700000
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699890
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699776
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699671
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2700000
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699890
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699781
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699669
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699562
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699450
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699339
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699218
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699106
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699000
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2698882
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2698781
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2698671
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2698555
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2698438
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2698325
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2698209
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2698085
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2697984
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2697875
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2697765
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2697655
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2700000
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699781
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699668
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699478
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2698961
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2698625
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2696926
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2696766
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2696609
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2696453
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2696318
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2696156
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2696003
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2695859
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2695744
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2695625
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2695515
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2695406
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2695293
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2695186
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2695062
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2694930
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2694750
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2694624
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2694507
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2694397
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2694250
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2694109
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2693997
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2693887
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2693781
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2693671
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2693523
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2693415
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2693309
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2693202
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2693090
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2692981
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2692875
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2692761
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2692652
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2692538
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2692429
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2692306
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2692203
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2692091
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2691982
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2691861
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2691734
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2691625
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2691492
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2691390
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2691273
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2691172
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2691056
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2690951
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2690843
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2690726
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2690590
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2700000
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699828
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 360000
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 359874
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeWindow / User API: threadDelayed 569
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeWindow / User API: threadDelayed 1126
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeWindow / User API: threadDelayed 2756
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeWindow / User API: threadDelayed 6669
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeWindow / User API: threadDelayed 3141
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeWindow / User API: threadDelayed 8720
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeWindow / User API: threadDelayed 617
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeWindow / User API: threadDelayed 468
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\is-RSVNH.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\AppResource.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\is-C7UUC.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\System.Threading.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-468CM.tmp\isxdl.dll
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\is-GEL0D.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\STBackupclient.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\is-2DNNP.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\HtmlRenderer.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\System.Data.SQLite.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\Microsoft.Win32.TaskScheduler.DLL (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\is-ILJ84.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\is-VKH9R.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\is-U9DNA.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\FSLibRsyncWrapper.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\Interop.IWshRuntimeLibrary.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\is-R278I.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\notifierlib.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\is-GR5UV.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\is-S4F4B.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\is-7Q60P.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\AWSSDK.S3.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\System.Core.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\is-86NQ8.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\SevenZipSharp.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\System.Runtime.Serialization.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\is-GQNVN.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\System.Data.DataSetExtensions.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\is-65K01.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-468CM.tmp\_isetup\_setup64.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\is-A8JFA.tmp
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\AWSSDK.Core.dll (copy)
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpDropped PE file which has not been started: C:\Program Files (x86)\Right Backup\is-6ESI6.tmp
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeAPI coverage: 0.3 %
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 3364Thread sleep time: -30000s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5136Thread sleep time: -1844674407370954s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5136Thread sleep time: -2700000s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5136Thread sleep time: -2699890s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 3144Thread sleep count: 569 > 30
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5136Thread sleep time: -2699776s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5136Thread sleep time: -2699671s >= -30000s
                                Source: C:\Windows\System32\svchost.exe TID: 2568Thread sleep time: -30000s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -10145709240540247s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2700000s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2699890s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2699781s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2699669s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2699562s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2699450s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2699339s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2699218s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2699106s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2699000s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2698882s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2698781s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2698671s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2698555s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2698438s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2698325s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2698209s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2698085s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2697984s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2697875s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2697765s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2148Thread sleep time: -2697655s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 3092Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe TID: 5228Thread sleep count: 6669 > 30
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe TID: 6208Thread sleep count: 3141 > 30
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe TID: 4140Thread sleep time: -23058430092136925s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -30437127721620741s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2700000s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2699781s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2699668s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2699478s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2698961s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2698625s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2696926s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2696766s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2696609s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2696453s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2696318s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2696156s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2696003s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2695859s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2695744s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2695625s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2695515s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2695406s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2695293s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2695186s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2695062s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2694930s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2694750s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2694624s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2694507s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2694397s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2694250s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2694109s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2693997s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2693887s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2693781s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2693671s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2693523s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2693415s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2693309s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2693202s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2693090s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2692981s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2692875s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2692761s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2692652s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2692538s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2692429s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2692306s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2692203s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2692091s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2691982s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2691861s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2691734s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2691625s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2691492s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2691390s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2691273s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2691172s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2691056s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2690951s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2690843s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2690726s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5968Thread sleep time: -2690590s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exe TID: 6480Thread sleep time: -30000s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exe TID: 5040Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 4092Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 4092Thread sleep time: -2700000s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 5000Thread sleep count: 59 > 30
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 4092Thread sleep time: -2699828s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 3712Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 3712Thread sleep time: -360000s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 3712Thread sleep time: -359874s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe TID: 2616Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exe TID: 616Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exe TID: 1816Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Manufacturer, Model FROM Win32_BaseBoard
                                Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Manufacturer, Model FROM Win32_BaseBoard
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Manufacturer, Model FROM Win32_BaseBoard
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name, Manufacturer, SMBIOSBIOSVersion, SerialNumber, ReleaseDate from Win32_BIOS
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Product, Manufacturer, SerialNumber, Version from Win32_BaseBoard
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Manufacturer, Model FROM Win32_BaseBoard
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Model, Manufacturer from Win32_ComputerSystem
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
                                Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A38000 GetSystemTime followed by cmp: cmp edx, 04h and CTI: jc 06A38055h51_2_06A38000
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeFile Volume queried: C:\ FullSizeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeFile Volume queried: C:\ FullSizeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2700000
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699890
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699776
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699671
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699781
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699669
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699562
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699450
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699339
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699218
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699106
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699000
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2698882
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2698781
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2698671
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2698555
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2698438
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2698325
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2698209
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2698085
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2697984
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2697875
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2697765
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2697655
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699668
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699478
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2698961
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2698625
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2696926
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2696766
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2696609
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2696453
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2696318
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2696156
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2696003
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2695859
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2695744
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2695625
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2695515
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2695406
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2695293
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2695186
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2695062
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2694930
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2694750
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2694624
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2694507
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2694397
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2694250
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2694109
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2693997
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2693887
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2693781
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2693671
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2693523
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2693415
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2693309
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2693202
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2693090
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2692981
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2692875
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2692761
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2692652
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2692538
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2692429
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2692306
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2692203
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2692091
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2691982
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2691861
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2691734
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2691625
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2691492
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2691390
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2691273
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2691172
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2691056
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2690951
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2690843
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2690726
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2690590
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2700000
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 2699828
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 360000
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 359874
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeThread delayed: delay time: 922337203685477
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File opened: C:\Users\user
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File opened: C:\Users\user\AppData\Roaming
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File opened: C:\Users\user\AppData
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                                Source: RightBackup.exe, 00000033.00000000.2282852815.0000000000D92000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: I5XuFo8rvByTpw5VMCin
                                Source: RightBackup.exe, 00000035.00000002.2397017671.0000000003B8B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmwarevm
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2524242378.0000000000992000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2075715937.0000000000994000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2219769120.0000000000992000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW<
                                Source: RBClientService.exe, 00000036.00000002.3281787479.0000000001178000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
                                Source: RightBackup.exe, 00000035.00000002.2397017671.0000000003BD3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: edb|tmp|log|ini|pf|chk|lo_|crmlog|bak|dmp|hdmp|mdmp|WAB\~|VMC|VHD|VO1|VO2|VSV|VUD|VMDK|VMSN|VMSD|HDD|VDI|VMWAREVM|NVRAM|VMX|VMEM|ISO|DMG|SPARSEIMAGE|DL_|WIM|113|\$\$|\$DB|ABF|ABK|AFM|ANI|ANN|BAC|BCK|BCM|BDB|BDF|BKF|BMK|BSC|CAB|CF1|CHQ|CHW|CNT|COM|CPL|FFL|CUR|DEV|DFONT|DRV|EOT|EVT|EVTX|FFA|FFO|FFX|FNT|FON|FTG|FTS|FXP|GID|GRP|HXI|HXQ|HXR|HXS|IDB|IDX|ILK|IMG|INS|IPF|ISP|ITS|JAR|JSE|KBD|KEXT|LEX|LIB|LWFN|MSC|MSM|MSP|MST|NCB|NT|OBJ|OBS|OLD|OST|OTF|PCH|PFA|PFB|PFM|PLIST|PNF|POL|PREF|PRF|PRG|PRN|PWL|RDB|RLL|ROX|SBR|SCF|SCR|SDB|SHB|SUIT|SWP|SYS|THEME|TMS|TTC|V2I|VBE|VGA|VGD|VXD|WIN|W
                                Source: RightBackup.exe, 00000035.00000002.2397017671.0000000003BD3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: edb|tmp|log|ini|pf|chk|lo_|crmlog|bak|dmp|hdmp|mdmp|wab\~|vmc|vhd|vo1|vo2|vsv|vud|vmdk|vmsn|vmsd|hdd|vdi|vmwarevm|nvram|vmx|vmem|iso|dmg|sparseimage|dl_|wim|113|\$\$|\$db|abf|abk|afm|ani|ann|bac|bck|bcm|bdb|bdf|bkf|bmk|bsc|cab|cf1|chq|chw|cnt|com|cpl|ffl|cur|dev|dfont|drv|eot|evt|evtx|ffa|ffo|ffx|fnt|fon|ftg|fts|fxp|gid|grp|hxi|hxq|hxr|hxs|idb|idx|ilk|img|ins|ipf|isp|its|jar|jse|kbd|kext|lex|lib|lwfn|msc|msm|msp|mst|ncb|nt|obj|obs|old|ost|otf|pch|pfa|pfb|pfm|plist|pnf|pol|pref|prf|prg|prn|pwl|rdb|rll|rox|sbr|scf|scr|sdb|shb|suit|swp|sys|theme|tms|ttc|v2i|vbe|vga|vgd|vxd|win|wpk|db@\]q
                                Source: RightBackup.exe, 00000035.00000002.2397017671.0000000003B8B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmwarevmLR]q
                                Source: RBClientService.exe, 00000036.00000002.3281787479.00000000013AD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \.(edb|tmp|log|ini|pf|chk|lo_|crmlog|bak|dmp|hdmp|mdmp|wab\~|vmc|vhd|vo1|vo2|vsv|vud|vmdk|vmsn|vmsd|hdd|vdi|vmwarevm|nvram|vmx|vmem|iso|dmg|sparseimage|dl_|wim|113|\$\$|\$db|abf|abk|afm|ani|ann|bac|bck|bcm|bdb|bdf|bkf|bmk|bsc|cab|cf1|chq|chw|cnt|com|cpl|ffl|cur|dev|dfont|drv|eot|evt|evtx|ffa|ffo|ffx|fnt|fon|ftg|fts|fxp|gid|grp|hxi|hxq|hxr|hxs|idb|idx|ilk|img|ins|ipf|isp|its|jar|jse|kbd|kext|lex|lib|lwfn|msc|msm|msp|mst|ncb|nt|obj|obs|old|ost|otf|pch|pfa|pfb|pfm|plist|pnf|pol|pref|prf|prg|prn|pwl|rdb|rll|rox|sbr|scf|scr|sdb|shb|suit|swp|sys|theme|tms|ttc|v2i|vbe|vga|vgd|vxd|win|wpk|db)$
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2075715937.000000000098E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2524242378.0000000000992000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2075836848.000000000095F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2220276697.0000000000992000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2219769120.0000000000992000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000034.00000002.3273329992.000002114345D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                Source: RightBackup.exe, 00000033.00000002.2317125677.00000000051AB000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000050BF000.00000004.00000800.00020000.00000000.sdmp, RBClientService.exe, 00000036.00000002.3317227560.0000000002121000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Home Premium N0Microsoft Hyper-V ServerXWindows Essential Business Management ServerVWindows Essential Business Messaging ServerTWindows Essential Business Security ServerDWindows Essential Server SolutionsdWindows Essential Server Solutions without Hyper-V:Windows Small Business ServerFStandard Server (core installation)fStandard Server without Hyper-V (core installation)>Standard Server without Hyper-V
                                Source: RightBackup.exe, 00000035.00000002.2397017671.0000000003B8B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmwarevm\V
                                Source: RightBackup.exe, 00000035.00000002.2397017671.0000000003B8B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: edb|tmp|log|ini|pf|chk|lo_|crmlog|bak|dmp|hdmp|mdmp|wab\~|vmc|vhd|vo1|vo2|vsv|vud|vmdk|vmsn|vmsd|hdd|vdi|vmwarevm|nvram|vmx|vmem|iso|dmg|sparseimage|dl_|wim|113|\$\$|\$db|abf|abk|afm|ani|ann|bac|bck|bcm|bdb|bdf|bkf|bmk|bsc|cab|cf1|chq|chw|cnt|com|cpl|ffl|cur|dev|dfont|drv|eot|evt|evtx|ffa|ffo|ffx|fnt|fon|ftg|fts|fxp|gid|grp|hxi|hxq|hxr|hxs|idb|idx|ilk|img|ins|ipf|isp|its|jar|jse|kbd|kext|lex|lib|lwfn|msc|msm|msp|mst|ncb|nt|obj|obs|old|ost|otf|pch|pfa|pfb|pfm|plist|pnf|pol|pref|prf|prg|prn|pwl|rdb|rll|rox|sbr|scf|scr|sdb|shb|suit|swp|sys|theme|tms|ttc|v2i|vbe|vga|vgd|vxd|win|wpk|db
                                Source: RBClientService.exe, 00000036.00000002.3317227560.0000000002121000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: edb|tmp|log|ini|pf|chk|lo_|crmlog|bak|dmp|hdmp|mdmp|WAB\~|VMC|VHD|VO1|VO2|VSV|VUD|VMDK|VMSN|VMSD|HDD|VDI|VMWAREVM|NVRAM|VMX|VMEM|ISO|DMG|SPARSEIMAGE|DL_|WIM|113|\$\$|\$DB|ABF|ABK|AFM|ANI|ANN|BAC|BCK|BCM|BDB|BDF|BKF|BMK|BSC|CAB|CF1|CHQ|CHW|CNT|COM|CPL|FFL|CUR|DEV|DFONT|DRV|EOT|EVT|EVTX|FFA|FFO|FFX|FNT|FON|FTG|FTS|FXP|GID|GRP|HXI|HXQ|HXR|HXS|IDB|IDX|ILK|IMG|INS|IPF|ISP|ITS|JAR|JSE|KBD|KEXT|LEX|LIB|LWFN|MSC|MSM|MSP|MST|NCB|NT|OBJ|OBS|OLD|OST|OTF|PCH|PFA|PFB|PFM|PLIST|PNF|POL|PREF|PRF|PRG|PRN|PWL|RDB|RLL|ROX|SBR|SCF|SCR|SDB|SHB|SUIT|SWP|SYS|THEME|TMS|TTC|V2I|VBE|VGA|VGD|VXD|WIN|WPK|db
                                Source: RightBackup.exe, 00000035.00000002.2397017671.0000000003B8B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 9:en-CH:\.(edb|tmp|log|ini|pf|chk|lo_|crmlog|bak|dmp|hdmp|mdmp|wab\~|vmc|vhd|vo1|vo2|vsv|vud|vmdk|vmsn|vmsd|hdd|vdi|vmwarevm|nvram|vmx|vmem|iso|dmg|sparseimage|dl_|wim|113|\$\$|\$db|abf|abk|afm|ani|ann|bac|bck|bcm|bdb|bdf|bkf|bmk|bsc|cab|cf1|chq|chw|cnt|com|cpl|ffl|cur|dev|dfont|drv|eot|evt|evtx|ffa|ffo|ffx|fnt|fon|ftg|fts|fxp|gid|grp|hxi|hxq|hxr|hxs|idb|idx|ilk|img|ins|ipf|isp|its|jar|jse|kbd|kext|lex|lib|lwfn|msc|msm|msp|mst|ncb|nt|obj|obs|old|ost|otf|pch|pfa|pfb|pfm|plist|pnf|pol|pref|prf|prg|prn|pwl|rdb|rll|rox|sbr|scf|scr|sdb|shb|suit|swp|sys|theme|tms|ttc|v2i|vbe|vga|vgd|vxd|win|wpk|db)$
                                Source: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000002.2532729098.000000000018C000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: <?xml version="1.0" encoding="utf-8"?><ArrayOfSsi xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><ssi><Id>1</Id><ext>RB_DESKTOP</ext><path><string>RB_OSDRIVE_ALLDESKTOP</string></path></ssi><ssi><Id>2</Id><ext>*.odt,*.ott,*.oth,*.odm,*.sxw,*.stw,*.sxg,*.doc,*.dot,*.docx,*.docm,*.dotx,*.dotm,*.wpd,*.wps,*.rtf,,*.csv,*.sdw,*.sgl,*.vor,*.uot,*.uof,*.jtd,*.jtt,*.hwp,*.602,*.pdb,*.psw,*.xls,*.xlw,*.xlt,*.xlsx,*.xlsm,*.xltx,*.xltm,*.xlsb,*.wk1,*.wks,*.123,*.dif,*.sdc,*.dbf,*.slk,*.uos,*.pxl,*.wb2,*.ppt,*.pps,*.pot,*.pptx,*.pptm,*.potx,*.potm,*.sdd,*.sdp,*.uop,*.cgm,*.pdf,*.wpt,*.et,*.ett,*.dpt,*.dps,*.ods,*.odp,*.odg</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>4</Id><ext>*.3g,*.3gp,*.3gpp,*.avi,*.divx,*.dv,*.f4v,*.flv,*.m2ts,*.m4v,*.mkv,*.mod,*.mov,*.mp4,*.mpe,*.mpeg,*.mpeg4,*.mpg,*.mts,*.nsv,*.ogm,*.ogv,*.qt,*.tod,*.ts,*.vob,*.wmv,*.rm,*.rmvb,*.ifo,*.asx,*.swf,*.mpv,*.mpa</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>8</Id><ext>*.raw,*.wmp,*.tif,*.tiff,*.pict,*.cdr,*.bmp,*.gif,*.jpeg,*.jpg,*.ofx,*.pub,*.ps,*.psd,*.qxd,*.png,*.eps,*.dwg,*.dxf,*.ico,*.indd,*.iges,*.cr2,*.ai,*.3ds,*.pcx,*.sgv,*.wmf,*.met,*.pgm,*.ras,*.svm,*.xbm,*.emf,*.pbm,*.plt,*.sda,*.tga,*.xpm,*.pcd,*.pct,*.ppm,*.sgf,*.pck,*.wpg</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>16</Id><ext>*.wma,*.ses,*.ram,*.m4a,*.m4b,*.m4p,*.mid,*.midi,*.mp2,*.mp3,*.mso,*.ogg,*.cda,*.all,*.amr,*.ape,*.asf,*.aif,*.aiff,*.au,*.audiocd,*.dm,*.dss,*.dvf,*.wav</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>32</Id><ext>*.eml</ext><path><string>RB_OSDRIVE</string></path></ssi><ssi><Id>64</Id><ext>*.mny,*.qbw,*.qel,*.qsd,*.qph,*.qbb,*.tax,*.t01,*.t02,*.t03,*.t04,*.t05,*.t06,*.t07,*.t08,*.t09,*.qdf,*.tax2009,*.001,*
.247,*.500,*.900,*.989,*.tcp,*.tsf,*.tsm,*.bds,*.sys,*.mdf,*.ldf,*.bkp,*.db,*.cs,*.qbm,*.qbo,*.des,*.qbr,*.qwc,*.qbstbl2.usa,*.qbx,*.qba,*.qby,*.qbj,*.qsm,*.qss,*.qst</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>128</Id><ext>*.azw.?,*.mobi,*.epub</ext><path><string>RB_ALLDRIVES</string></path></ssi></ArrayOfSsi>)|ntuser\.dat(.+?)|ntuser\.pol(.+?)|usrclass\.dat(.+?)|desktop\.ini|\~\$(.+?)|\.\~(.+?)</item></ir><ir><Id>4</Id><item>index\.dat</item></ir><ir><Id>5</Id><item>lnk</item></ir><ir><Id>6</Id><item>edb|tmp|log|ini|pf|chk|lo_|crmlog|bak|dmp|hdmp|mdmp|wab\~|vmc|vhd|vo1|vo2|vsv|vud|vmdk|vmsn|vmsd|hdd|vdi|vmwarevm|nvram|vmx|vmem|iso|dmg|sparseimage|dl_|wim|113|\$\$|\$db|abf|abk|afm|ani|ann|bac|bck|bcm|bdb|bdf|bkf|bmk|bsc|cab|cf1|chq|chw|cnt|com|cpl|ffl|cur|dev|dfont|drv|eot|evt|evtx|ffa|ffo|ffx|fnt|fon|ftg|fts|fxp|gid|grp|hxi|hxq|hxr|hxs|idb|idx|ilk|img|ins|ipf|isp|its|jar|jse|kbd|kext|lex|lib|lwfn|msc|msm|msp|mst|ncb|nt|obj|obs|old|ost|otf|pch|pfa|pfb|pfm|plist|pnf|pol|pref|prf|prg|prn|pwl|rdb|rll|rox|sbr|scf|scr|sdb|shb|suit|swp|sys|theme|tms|ttc|v2i|vbe|vga|vgd|vxd|win|wpk|db</item></ir><ir><Id>7</Id><listItem><Item><Key><string>:\documents and settings\SYSTEM_USER_
                                Source: RightBackup.exe, 00000033.00000002.2310466576.0000000003C9B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmwarevmLR]qxc
                                Source: RightBackup.exe, 00000033.00000002.2317125677.00000000051AB000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000050BF000.00000004.00000800.00020000.00000000.sdmp, RBClientService.exe, 00000036.00000002.3317227560.0000000002121000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Enterprise NJEnterprise Server (core installation)jEnterprise Server without Hyper-V (core installation)VEnterprise Server for Itanium-based SystemsBEnterprise Server without Hyper-V
                                Source: svchost.exe, 00000034.00000002.3270802113.000002113DC2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
                                Source: RightBackup.exe, 00000033.00000002.2336202612.0000000006440000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: RightBackup.exe, 00000035.00000002.2397017671.0000000003C6D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware@\]q
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp Process information queried: ProcessInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 53_2_0A5B3A5F rdtsc 53_2_0A5B3A5F
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06AAA188 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,51_2_06AAA188
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06AB0457 __decode_pointer,LoadLibraryA,GetProcAddress,__encode_pointer,InterlockedExchange,FreeLibrary,51_2_06AB0457
                                Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Process token adjusted: Debug
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Process token adjusted: Debug
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exe Process token adjusted: Debug
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06AAA188 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,51_2_06AAA188
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06AB4FF7 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,51_2_06AB4FF7
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06AA5108 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,51_2_06AA5108
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Memory allocated: page read and write | page guard

                                HIPS / PFW / Operating System Protection Evasion

                                barindex
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RBNotifier.exe"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RBNotifier.exe"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "RBNotifier.exe"
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierRight Backup" /f
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp Process created: C:\Program Files (x86)\Right Backup\RightBackup.exe "C:\Program Files (x86)\Right Backup\RightBackup.exe" loadvalues
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp Process created: C:\Program Files (x86)\Right Backup\RBNotifier.exe "C:\Program Files (x86)\Right Backup\RBNotifier.exe" createschedule -fireurlsilently
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exe Process created: C:\Program Files (x86)\Right Backup\RightBackup.exe "C:\Program Files (x86)\Right Backup\RightBackup.exe" loadvalues
                                Source: RightBackup.exe, 00000033.00000002.2317125677.00000000051AB000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000050BF000.00000004.00000800.00020000.00000000.sdmp, RBClientService.exe, 00000036.00000002.3317227560.0000000002121000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                                Source: RightBackup.exe, 00000033.00000002.2317125677.0000000005081000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.0000000005095000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Shell_TrayWndFcUtils|getMACAddress({0})|error:{1}
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: ___getlocaleinfo,51_2_06AAA668
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,51_2_06AB055F
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,_strcpy_s,__invoke_watson,__itoa_s,51_2_06AACE83
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: GetLocaleInfoA,51_2_06AB0EF5
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,51_2_06AACE47
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,51_2_06AACCF3
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: EnumSystemLocalesA,51_2_06AACDB6
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,51_2_06AACDE0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,51_2_06AAAD09
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,51_2_06AACAAD
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,51_2_06AACA15
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP,51_2_06AAC8FE
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,51_2_06AB52BB
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,51_2_06AAB227
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: GetLocaleInfoW,51_2_06AB512F
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: GetLastError,__alloca_probe_16,_malloc,WideCharToMultiByte,__freea,GetLocaleInfoA,51_2_06AB517C
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,51_2_06AB5148
                                Source: C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp Queries volume information: C:\ VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Queries volume information: C:\Program Files (x86)\Right Backup\RightBackup.exe VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Queries volume information: C:\Program Files (x86)\Right Backup\STBackupclient.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Queries volume information: C:\Program Files (x86)\Right Backup\System.Data.SQLite.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Queries volume information: C:\Program Files (x86)\Right Backup\Microsoft.SqlServer.Types.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                                Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                                Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                                Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                                Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                                Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Queries volume information: C:\Program Files (x86)\Right Backup\RBClientService.exe VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Queries volume information: C:\Program Files (x86)\Right Backup\STBackupclient.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Queries volume information: C:\Program Files (x86)\Right Backup\System.Data.SQLite.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Queries volume information: C:\Program Files (x86)\Right Backup\Microsoft.SqlServer.Types.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBClientService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Program Files (x86)\Right Backup\RightBackup.exe VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Program Files (x86)\Right Backup\STBackupclient.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Program Files (x86)\Right Backup\System.Data.SQLite.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Program Files (x86)\Right Backup\Microsoft.SqlServer.Types.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Program Files (x86)\Right Backup\Microsoft.Win32.TaskScheduler.DLL VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeQueries volume information: C:\Program Files (x86)\Right Backup\RBNotifier.exe VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeQueries volume information: C:\Program Files (x86)\Right Backup\notifierlib.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeQueries volume information: C:\Program Files (x86)\Right Backup\Microsoft.Win32.TaskScheduler.DLL VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Program Files (x86)\Right Backup\RightBackup.exe VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Program Files (x86)\Right Backup\STBackupclient.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Program Files (x86)\Right Backup\System.Data.SQLite.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeQueries volume information: C:\Program Files (x86)\Right Backup\RBNotifier.exe VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeQueries volume information: C:\Program Files (x86)\Right Backup\notifierlib.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RBNotifier.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A380D0 GetSystemTimeAsFileTime,__alldvrm,__alldvrm,51_2_06A380D0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A36D30 GetVersionExA,51_2_06A36D30
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                                Lowering of HIPS / PFW / Operating System Security Settings

                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeRegistry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 1206
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeRegistry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 1206
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeRegistry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 1407
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeRegistry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 1407
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeRegistry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 1206
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeRegistry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 1407

                                Stealing of Sensitive Information

                                Source: Yara matchFile source: 56.0.RBNotifier.exe.e0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 54.0.RBClientService.exe.10000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 56.2.RBNotifier.exe.4aa0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 2.3.SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp.7630000.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 2.3.SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp.7656040.0.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 51.2.RightBackup.exe.60d0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 51.0.RightBackup.exe.d90000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 2.3.SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp.7656040.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000000.2474621787.00000000000E2000.00000002.00000001.01000000.00000015.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000002.00000003.2475382796.0000000007630000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000033.00000000.2282852815.0000000000D92000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000036.00000000.2372039696.0000000000012000.00000002.00000001.01000000.00000014.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2706199675.0000000004AA2000.00000002.00000001.01000000.00000016.sdmp, type: MEMORY
                                Source: Yara matchFile source: C:\Program Files (x86)\Right Backup\is-UGSPB.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\Right Backup\is-1OA4D.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\Right Backup\is-6ESI6.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\Right Backup\is-RSVNH.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\Right Backup\is-K8A67.tmp, type: DROPPED

                                Remote Access Functionality

                                Source: Yara matchFile source: 56.0.RBNotifier.exe.e0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 54.0.RBClientService.exe.10000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 56.2.RBNotifier.exe.4aa0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 2.3.SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp.7630000.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 2.3.SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp.7656040.0.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 51.2.RightBackup.exe.60d0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 51.0.RightBackup.exe.d90000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 2.3.SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp.7656040.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000000.2474621787.00000000000E2000.00000002.00000001.01000000.00000015.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000002.00000003.2475382796.0000000007630000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000033.00000000.2282852815.0000000000D92000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000036.00000000.2372039696.0000000000012000.00000002.00000001.01000000.00000014.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000038.00000002.2706199675.0000000004AA2000.00000002.00000001.01000000.00000016.sdmp, type: MEMORY
                                Source: Yara matchFile source: C:\Program Files (x86)\Right Backup\is-UGSPB.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\Right Backup\is-1OA4D.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\Right Backup\is-6ESI6.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\Right Backup\is-RSVNH.tmp, type: DROPPED
                                Source: Yara matchFile source: C:\Program Files (x86)\Right Backup\is-K8A67.tmp, type: DROPPED
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A4C4B0 sqlite3_clear_bindings,sqlite3_free,51_2_06A4C4B0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A964B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_reset,51_2_06A964B0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A9E210 _sqlite3_bind_parameter_name_interop@12,51_2_06A9E210
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A98080 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,51_2_06A98080
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A8E020 sqlite3_finalize,sqlite3_free,sqlite3_free,sqlite3_reset,sqlite3_bind_int64,51_2_06A8E020
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A9E1B0 _sqlite3_bind_double_interop@12,sqlite3_bind_double,51_2_06A9E1B0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A9E1E0 _sqlite3_bind_int64_interop@12,sqlite3_bind_int64,51_2_06A9E1E0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A8AFE0 sqlite3_free,sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_step,sqlite3_column_int,sqlite3_step,51_2_06A8AFE0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A8AF10 sqlite3_free,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,51_2_06A8AF10
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A8ACC0 sqlite3_free,sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,51_2_06A8ACC0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A90DE0 sqlite3_free,sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_step,51_2_06A90DE0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A8AA20 sqlite3_free,sqlite3_free,sqlite3_bind_value,sqlite3_step,sqlite3_reset,51_2_06A8AA20
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A8AB80 sqlite3_bind_int64,sqlite3_step,sqlite3_initialize,sqlite3_step,sqlite3_free,sqlite3_free,51_2_06A8AB80
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A8A9A0 sqlite3_bind_value,sqlite3_bind_value,sqlite3_step,51_2_06A8A9A0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A4D780 sqlite3_bind_double,51_2_06A4D780
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A4D7E0 sqlite3_bind_int,sqlite3_bind_int64,51_2_06A4D7E0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A957C0 sqlite3_initialize,sqlite3_bind_int64,sqlite3_step,sqlite3_column_blob,sqlite3_free,sqlite3_reset,51_2_06A957C0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A4D750 sqlite3_bind_blob,51_2_06A4D750
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A8B410 sqlite3_free,sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,51_2_06A8B410
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exeCode function: 51_2_06A8B280 sqlite3_free,sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_step,sqlite3_column_int64,sqlite3_column_int64,sqlite3_step,51_2_06A8B280
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A993A0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_step,sqlite3_reset,sqlite3_reset,51_2_06A993A0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A97080 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,51_2_06A97080
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A970E0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,51_2_06A970E0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A8B150 sqlite3_free,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_reset,51_2_06A8B150
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A97FE0 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,51_2_06A97FE0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A4DCE0 sqlite3_transfer_bindings,51_2_06A4DCE0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A8FD10 sqlite3_free,sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,_memset,sqlite3_step,sqlite3_finalize,sqlite3_free,sqlite3_free,51_2_06A8FD10
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A4DAE0 sqlite3_bind_parameter_name,51_2_06A4DAE0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A8FA30 _memset,sqlite3_initialize,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,51_2_06A8FA30
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A4DA00 sqlite3_bind_zeroblob,51_2_06A4DA00
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A4DA70 sqlite3_bind_parameter_count,51_2_06A4DA70
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A95A50 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,51_2_06A95A50
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A8DBE0 sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,51_2_06A8DBE0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A4DB10 sqlite3_bind_parameter_index,51_2_06A4DB10
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A4D8A0 sqlite3_bind_text,51_2_06A4D8A0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A4D8D0 sqlite3_bind_text16,51_2_06A4D8D0
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A4D800 sqlite3_bind_int64,51_2_06A4D800
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A4D870 sqlite3_bind_null,51_2_06A4D870
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A4D923 sqlite3_bind_int64,51_2_06A4D923
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A4D900 sqlite3_bind_value,51_2_06A4D900
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A4D941 sqlite3_bind_double,51_2_06A4D941
                                Source: C:\Program Files (x86)\Right Backup\RightBackup.exe, Code function: 51_2_06A4D95F sqlite3_bind_zeroblob,51_2_06A4D95F
                                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 131 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 211 Disable or Modify Tools | OS Credential Dumping | 11 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                                Credentials | Domains | Default Accounts | 1 Native API | 1 Windows Service | 1 Windows Service | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Browser Session Hijacking | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                                Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | 11 Scheduled Task/Job | 12 Process Injection | 3 Obfuscated Files or Information | Security Account Manager | 57 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                                Employee Names | Virtual Private Server | Local Accounts | 11 Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 11 Scheduled Task/Job | 12 Software Packing | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
                                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Registry Run Keys / Startup Folder | 1 Timestomp | LSA Secrets | 151 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Masquerading | DCSync | 161 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 161 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 2 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                                IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                                [Behavior graph] Behavior Graph ID: 1428477, Sample: SecuriteInfo.com.Program.Un..., Startdate: 19/04/2024, Architecture: WINDOWS, Score: 46

                                Source | Detection | Scanner | Label | Link
                                SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe | 3% | ReversingLabs | |

                                Source | Detection | Scanner | Label | Link
                                C:\Program Files (x86)\Right Backup\AWSSDK.Core.dll (copy) | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\AWSSDK.S3.dll (copy) | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\AppResource.dll (copy) | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\FSLibRsyncWrapper.dll (copy) | 4% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\HtmlRenderer.dll (copy) | 2% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\Interop.IWshRuntimeLibrary.dll (copy) | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\Microsoft.SqlServer.Types.dll (copy) | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\Microsoft.Win32.TaskScheduler.DLL (copy) | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\RBClientService.exe (copy) | 4% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\RBNotifier.exe (copy) | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\RightBackup.exe (copy) | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\STBackupclient.dll (copy) | 4% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\SevenZipSharp.dll (copy) | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\System.Core.dll (copy) | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\System.Data.DataSetExtensions.dll (copy) | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\System.Data.SQLite.dll (copy) | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\System.Runtime.Serialization.dll (copy) | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\System.Threading.dll (copy) | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\is-1OA4D.tmp | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\is-2DNNP.tmp | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\is-65K01.tmp | 4% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\is-6ESI6.tmp | 4% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\is-7Q60P.tmp | 2% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\is-86NQ8.tmp | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\is-A8JFA.tmp | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\is-C7UUC.tmp | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\is-GEL0D.tmp | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\is-GQNVN.tmp | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\is-GR5UV.tmp | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\is-ILJ84.tmp | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\is-K8A67.tmp | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\is-R278I.tmp | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\is-RHSP2.tmp | 4% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\is-RSVNH.tmp | 4% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\is-S4F4B.tmp | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\is-U9DNA.tmp | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\is-UGSPB.tmp | 4% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\is-VKH9R.tmp | 0% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\notifierlib.dll (copy) | 4% | ReversingLabs | |
                                C:\Program Files (x86)\Right Backup\unins000.exe (copy) | 4% | ReversingLabs | |
                                C:\Users\user\AppData\Local\Temp\is-468CM.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | |
                                C:\Users\user\AppData\Local\Temp\is-468CM.tmp\isxdl.dll | 4% | ReversingLabs | |
                                C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp | 4% | ReversingLabs | |
                                No Antivirus matches
                                No Antivirus matches
                                Source | Detection | Scanner | Label | Link
                                http://schemas.datacontract.org | 0% | URL Reputation | safe |
                                https://www.remobjects.com/ps | 0% | URL Reputation | safe |
                                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                wkrn9i3f01.execute-api.us-east-1.amazonaws.com | 13.33.4.104 | true | false | | high
                                systweak1.hs.llnwd.net | 69.164.42.2 | true | false | | high
                                trackingapi.systweak.com | 23.108.29.119 | true | false | | high
                                googleads.g.doubleclick.net | 172.217.215.154 | true | false | | high
                                activate123.com | 165.227.176.158 | true | false | | unknown
                                cdnjs.cloudflare.com | 104.17.24.14 | true | false | | high
                                www.rightbackup.com | 157.245.131.96 | true | true | | unknown
                                www.google.com | 64.233.177.99 | true | false | | high
                                s1kegmsmob.execute-api.us-east-1.amazonaws.com | 99.84.208.33 | true | false | | high
                                cdn.systweak.com | unknown | unknown | false | | high
                                Name | Malicious | Antivirus Detection | Reputation
                                http://www.rightbackup.com/getipaddress.asp/ | true | | unknown
                                https://trackingapi.systweak.com/trservice.js | false | | high
                                https://cdn.systweak.com/website/rightbackup/images/afterinstall_upload.png | false | | high
                                http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgRRtTk0GO_bhrEGIjBicapeUPPORed_k7SaohNnnaEUzA_nA6L1WELRTq_i0fpuMUuxRz1Zkh1zrha3hF0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false | | high
                                https://wkrn9i3f01.execute-api.us-east-1.amazonaws.com/ip?ip=81.181.57.52 | false | | high
                                https://www.rightbackup.com/css/modal.css | true | | unknown
                                Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                              unknown
                                                                                                                              http://www.opensource.org/licenses/mit-license.phpRightBackup.exe, 00000035.00000002.2463550102.000000000BBF0000.00000004.08000000.00040000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.000000000463B000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000047B4000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2456554663.000000000A8C1000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000050EC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://schemas.datacontract.org/2004/07/IPCCommunicationdRBClientService.exe, 00000036.00000002.3281787479.0000000001536000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  http://tempuri.org/IRightBackupServer/GetUserSmartDirDetailsResponseRightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    http://www.rightbackup.com/Policy#TermsOfUseSecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A83000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2493502977.00000000074D7000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.000000000366A000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      unknown
                                                                                                                                      https://www.remobjects.com/psSecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2023332301.000000007FB30000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2020923280.00000000026A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000000.2024870294.0000000000401000.00000020.00000001.01000000.00000004.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      https://www.innosetup.com/SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2023332301.000000007FB30000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2020923280.00000000026A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000000.2024870294.0000000000401000.00000020.00000001.01000000.00000004.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        http://blogs.msdn.com/b/chuckw/archive/2013/09/10/manifest-madness.aspxRightBackup.exe, 00000033.00000000.2286554354.0000000001402000.00000002.00000001.01000000.0000000A.sdmp, RBClientService.exe, 00000036.00000002.3281787479.0000000001432000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://tempuri.org/IRightBackupServer/BeginWebFileBackupTRightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                            unknown
                                                                                                                                            http://schemas.datacontract.org/2004/07/RightBackupServiceYRightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              http://tempuri.org/IRightBackupServer/CommitDeltaFileSetBackupTRightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                http://schemas.datacontract.org/2004/07/RightBackupServiceZRightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  http://schemas.datacontract.org/2004/07/RightBackupService_RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    http://tempuri.org/IBackupRequest/SmartBackupRunRequestLRRBClientService.exe, 00000036.00000002.3281787479.00000000014D9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      http://tempuri.org/IRightBackupServer/GetEnumsResponseRightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                                        unknown
                                                                                                                                                        http://schemas.datacontract.org/2004/07/RightBackupServiceTRightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRightBackup.exe, 00000033.00000002.2310466576.00000000039D7000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2397017671.00000000038E7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://www.rightbackup.com/Policy#DMCASecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A83000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2524242378.000000000094D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              http://track.rightbackup.com/tempfile/SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A83000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.0000000003740000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.000000000366A000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                http://tempuri.org/IBackupRequest/SignOutRequestLRRBClientService.exe, 00000036.00000002.3281787479.00000000014D9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  http://tempuri.org/IBackupRequest/SmartRestoreRunRequestResponseTRBClientService.exe, 00000036.00000002.3281787479.00000000014D9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    http://tempuri.org/IRightBackupServer/GetUserMachinesResponseRightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      https://ws1c.systweak.com/cRightBackupServerRightBackup.exe, 00000033.00000002.2310466576.0000000003E24000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://tempuri.org/IBackupRequest/SignOutRequestResponseTRBClientService.exe, 00000036.00000002.3281787479.00000000014D9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          http://tempuri.org/IRightBackupServer/UpdateMachineInfoTRightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            http://cdn.systweak.com/setups/df/NDP452.exeSecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A83000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2493502977.0000000007490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.000000000366A000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://aws.amazon.com/t-RightBackup.exe, 00000035.00000002.2397017671.0000000003C6D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://tempuri.org/IRightBackupServer/RegisterUserTRightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                                                                  unknown
                                                                                                                                                                                  http://tempuri.org/IRightBackupServer/GetUserSmartBackupDetailsResponseRightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    http://tempuri.org/IRightBackupServer/SetRestoreLogsResponseRightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      http://schemas.datacontract.org/2004/07/RightBackupServiceRightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmp, RBClientService.exe, 00000036.00000002.3281787479.0000000001536000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        http://tempuri.org/IRightBackupServer/GetUserConfig2TRightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                                                                          unknown
                                                                                                                                                                                          http://tempuri.org/IRightBackupServer/GetDirTreeResponseRightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            http://www.rightbackup.com/autologin/?SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2556271881.0000000000A83000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2486848404.000000000366A000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                              unknown
                                                                                                                                                                                              http://schemas.datacontract.org/2004/07/RightBackupService(RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                                                                                unknown
                                                                                                                                                                                                http://schemas.datacontract.org/2004/07/RightBackupService&RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  http://crl.ver)svchost.exe, 00000034.00000002.3273170597.0000021143400000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    low
                                                                                                                                                                                                    http://www.rightbackup.com/6http://www.rightbackup.com/SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe, 00000000.00000003.2017278309.0000000002560000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2026711132.0000000003490000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      http://tempuri.org/IRightBackupServer/GetUserSmartFilesListTRightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                                                                                        unknown
                                                                                                                                                                                                        http://ws1c.systweak.com/RightBackup.exe, 00000035.00000002.2463550102.000000000BBF0000.00000004.08000000.00040000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.000000000463B000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000047B4000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2456554663.000000000A8C1000.00000004.00000800.00020000.00000000.sdmp, RightBackup.exe, 00000035.00000002.2411253559.00000000050EC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://www.rightbackup.com/R2SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2219769120.0000000000978000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2524242378.0000000000976000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, 00000002.00000003.2075836848.0000000000976000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://tempuri.org/IRightBackupServer/GetUserSmartDirFilesTRightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              http://schemas.datacontract.org/2004/07/RightBackupService1RightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                http://schemas.datacontract.org/2004/07/RightBackupService8RBClientService.exe, 00000036.00000002.3281787479.0000000001536000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                  http://tempuri.org/IRightBackupServer/DeleteFilesFromWebTRightBackup.exe, 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmpfalse
                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                    http://tempuri.org/IBackupRequest/RBClientService.exe, 00000036.00000002.3281787479.00000000014D9000.00000004.00000800.00020000.00000000.sdmpfalse
IP | Domain | Country | ASN | ASN Name | Malicious
104.17.24.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
172.217.215.154 | googleads.g.doubleclick.net | United States | 15169 | GOOGLEUS | false
69.164.42.2 | systweak1.hs.llnwd.net | United States | 22822 | LLNWUS | false
157.245.131.96 | www.rightbackup.com | United States | 14061 | DIGITALOCEAN-ASNUS | true
13.33.4.104 | wkrn9i3f01.execute-api.us-east-1.amazonaws.com | United States | 7018 | ATT-INTERNET4US | false
99.84.208.33 | s1kegmsmob.execute-api.us-east-1.amazonaws.com | United States | 16509 | AMAZON-02US | false
64.233.177.99 | www.google.com | United States | 15169 | GOOGLEUS | false
23.108.29.119 | trackingapi.systweak.com | United States | 396362 | LEASEWEB-USA-NYC-11US | false
165.227.176.158 | activate123.com | United States | 14061 | DIGITALOCEAN-ASNUS | false
                                                                                                                                                                                                                                                        IP
                                                                                                                                                                                                                                                        127.0.0.1
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1428477
Start date and time: 2024-04-19 01:32:07 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 13m 24s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 63
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe
Detection: MAL
Classification: mal46.phis.troj.evad.winEXE@83/408@9/10
                                                                                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                                                                                        • Successful, ratio: 75%
                                                                                                                                                                                                                                                        HCA Information:
                                                                                                                                                                                                                                                        • Successful, ratio: 76%
                                                                                                                                                                                                                                                        • Number of executed functions: 157
                                                                                                                                                                                                                                                        • Number of non-executed functions: 192
                                                                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 23.201.212.130, 64.233.185.95, 142.250.9.97, 204.79.197.237, 13.107.21.237, 172.253.124.101, 172.253.124.113, 172.253.124.139, 172.253.124.138, 172.253.124.102, 172.253.124.100
                                                                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, bat-bing-com.dual-a-0034.a-msedge.net, slscr.update.microsoft.com, ajax.googleapis.com, ctldl.windowsupdate.com, www.baidu.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, offers.systweak.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, www.googletagmanager.com, e16604.g.akamaiedge.net, bat.bing.com, dual-a-0034.a-msedge.net, prod.fs.microsoft.com.akadns.net, www.google-analytics.com
                                                                                                                                                                                                                                                        • Execution Graph export aborted for target SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp, PID 1248 because there are no executed function
                                                                                                                                                                                                                                                        • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                                        • Report size getting too big, too many NtEnumerateValueKey calls found.
                                                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                        • VT rate limit hit for: SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe
Time | Type | Description
01:33:24 | API Interceptor | 3392x Sleep call for process: RightBackup.exe modified
01:33:24 | API Interceptor | 2x Sleep call for process: svchost.exe modified
01:33:55 | Task Scheduler | Run new task: Right Backup_startup path: C:\Program Files (x86)\Right Backup\RightBackup.exe s>autolaunch
01:33:56 | API Interceptor | 1x Sleep call for process: RBNotifier.exe modified
01:33:57 | Task Scheduler | Run new task: Right BackupNotifier path: C:\Program Files (x86)\Right Backup\RBNotifier.exe s>neweventtrigger
01:33:57 | Task Scheduler | Run new task: Right BackupNotifier_startup path: C:\Program Files (x86)\Right Backup\RBNotifier.exe s>startup
01:33:58 | Task Scheduler | Run new task: Right BackupNotifier_trigger path: C:\Program Files (x86)\Right Backup\RBNotifier.exe s>startup neweventtrigger
01:34:11 | API Interceptor | 34577x Sleep call for process: RBClientService.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                            Hj8wbvoT1k.exeGet hashmaliciousXehook StealerBrowse
                                                                                                                                                                                                                                                            • 165.227.176.158
                                                                                                                                                                                                                                                            rSyDiExlek.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                                                                                            • 165.227.176.158
                                                                                                                                                                                                                                                            Request For Quotation.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                                                                                                                                                                            • 165.227.176.158
                                                                                                                                                                                                                                                            Request For Quotation.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                                                                                                                                                                            • 165.227.176.158
                                                                                                                                                                                                                                                            PEE1tTQcx4.exeGet hashmaliciousXehook StealerBrowse
                                                                                                                                                                                                                                                            • 165.227.176.158
                                                                                                                                                                                                                                                            SecuriteInfo.com.FileRepPup.2542.22578.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 165.227.176.158
                                                                                                                                                                                                                                                            3b5074b1b5d032e5620f69f9f700ff0eSecuriteInfo.com.Trojan.KillProc2.23108.29569.31585.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 165.227.176.158
                                                                                                                                                                                                                                                            https://netflixfreeprimeofficle.blogspot.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 165.227.176.158
                                                                                                                                                                                                                                                            KZWCMNWmmqi9lvI.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                            • 165.227.176.158
                                                                                                                                                                                                                                                            Payment.exeGet hashmaliciousAgentTesla, PureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                            • 165.227.176.158
                                                                                                                                                                                                                                                            DOCUMENTS OF OWNERSHIP AND PAYMENT REQUIREMENTS.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                                                                                                                                                                                                            • 165.227.176.158
                                                                                                                                                                                                                                                            Gcerti Quote.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                            • 165.227.176.158
                                                                                                                                                                                                                                                            Arba Outstanding Statement.exeGet hashmaliciousAgentTesla, PureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                            • 165.227.176.158
                                                                                                                                                                                                                                                            Shipping Dcuments_CI PKL_HL_.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                                                                                                            • 165.227.176.158
                                                                                                                                                                                                                                                            hesaphareketi-01.pdf.SCR.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                            • 165.227.176.158
                                                                                                                                                                                                                                                            Request for Proposal Quote_2414976#U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                                                                                                                                                                                                                                                            • 165.227.176.158
                                                                                                                                                                                                                                                            37f463bf4616ecd445d4a1937da06e19Shipping Dcuments_CI PKL_HL_.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                                                                                                            • 104.17.24.14
                                                                                                                                                                                                                                                            • 172.217.215.154
                                                                                                                                                                                                                                                            • 69.164.42.2
                                                                                                                                                                                                                                                            • 23.108.29.119
                                                                                                                                                                                                                                                            • 157.245.131.96
                                                                                                                                                                                                                                                            • 13.33.4.104
                                                                                                                                                                                                                                                            • 99.84.208.33
                                                                                                                                                                                                                                                            • 64.233.177.99
                                                                                                                                                                                                                                                            F723838674.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 104.17.24.14
                                                                                                                                                                                                                                                            • 172.217.215.154
                                                                                                                                                                                                                                                            • 69.164.42.2
                                                                                                                                                                                                                                                            • 23.108.29.119
                                                                                                                                                                                                                                                            • 157.245.131.96
                                                                                                                                                                                                                                                            • 13.33.4.104
                                                                                                                                                                                                                                                            • 99.84.208.33
                                                                                                                                                                                                                                                            • 64.233.177.99
                                                                                                                                                                                                                                                            Request for Proposal Quote_2414976#U00b7pdf.vbsGet hashmaliciousGuLoader, LokibotBrowse
                                                                                                                                                                                                                                                            • 104.17.24.14
                                                                                                                                                                                                                                                            • 172.217.215.154
                                                                                                                                                                                                                                                            • 69.164.42.2
                                                                                                                                                                                                                                                            • 23.108.29.119
                                                                                                                                                                                                                                                            • 157.245.131.96
                                                                                                                                                                                                                                                            • 13.33.4.104
                                                                                                                                                                                                                                                            • 99.84.208.33
                                                                                                                                                                                                                                                            • 64.233.177.99
                                                                                                                                                                                                                                                            Signed Proforma Invoice 3645479_pdf.vbsGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                            • 104.17.24.14
                                                                                                                                                                                                                                                            • 172.217.215.154
                                                                                                                                                                                                                                                            • 69.164.42.2
                                                                                                                                                                                                                                                            • 23.108.29.119
                                                                                                                                                                                                                                                            • 157.245.131.96
                                                                                                                                                                                                                                                            • 13.33.4.104
                                                                                                                                                                                                                                                            • 99.84.208.33
                                                                                                                                                                                                                                                            • 64.233.177.99
                                                                                                                                                                                                                                                            F723838674.vbsGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                            • 104.17.24.14
                                                                                                                                                                                                                                                            • 172.217.215.154
                                                                                                                                                                                                                                                            • 69.164.42.2
                                                                                                                                                                                                                                                            • 23.108.29.119
                                                                                                                                                                                                                                                            • 157.245.131.96
                                                                                                                                                                                                                                                            • 13.33.4.104
                                                                                                                                                                                                                                                            • 99.84.208.33
                                                                                                                                                                                                                                                            • 64.233.177.99
                                                                                                                                                                                                                                                            order & specification.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                                                                                                            • 104.17.24.14
                                                                                                                                                                                                                                                            • 172.217.215.154
                                                                                                                                                                                                                                                            • 69.164.42.2
                                                                                                                                                                                                                                                            • 23.108.29.119
                                                                                                                                                                                                                                                            • 157.245.131.96
                                                                                                                                                                                                                                                            • 13.33.4.104
                                                                                                                                                                                                                                                            • 99.84.208.33
                                                                                                                                                                                                                                                            • 64.233.177.99
                                                                                                                                                                                                                                                            SHIPPING DOCUMENTS_PDF..vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                                                                                                            • 104.17.24.14
                                                                                                                                                                                                                                                            • 172.217.215.154
                                                                                                                                                                                                                                                            • 69.164.42.2
                                                                                                                                                                                                                                                            • 23.108.29.119
                                                                                                                                                                                                                                                            • 157.245.131.96
                                                                                                                                                                                                                                                            • 13.33.4.104
                                                                                                                                                                                                                                                            • 99.84.208.33
                                                                                                                                                                                                                                                            • 64.233.177.99
                                                                                                                                                                                                                                                            DHL Receipt_pdf.vbsGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                            • 104.17.24.14
                                                                                                                                                                                                                                                            • 172.217.215.154
                                                                                                                                                                                                                                                            • 69.164.42.2
                                                                                                                                                                                                                                                            • 23.108.29.119
                                                                                                                                                                                                                                                            • 157.245.131.96
                                                                                                                                                                                                                                                            • 13.33.4.104
                                                                                                                                                                                                                                                            • 99.84.208.33
                                                                                                                                                                                                                                                            • 64.233.177.99
                                                                                                                                                                                                                                                            Remittance slip.vbsGet hashmaliciousUnknownBrowse
zHsIxYcmJV.msi (Detection: malicious, Threat Name: Unknown)
Match: C:\Program Files (x86)\Right Backup\Interop.IWshRuntimeLibrary.dll (copy)
Associated Sample Name / URL:
• SecuriteInfo.com.Program.Unwanted.5177.16995.23183.exe (Detection: malicious, Threat Name: PureLog Stealer)
• SecuriteInfo.com.Program.Unwanted.5177.16995.23183.exe (Detection: malicious, Threat Name: PureLog Stealer)
• SecuriteInfo.com.Program.Unwanted.5412.8929.16808.exe (Detection: malicious, Threat Name: PureLog Stealer)
• SecuriteInfo.com.Program.Unwanted.5412.8929.16808.exe (Detection: malicious, Threat Name: PureLog Stealer)
• SecuriteInfo.com.Program.Unwanted.5412.32569.27682.exe (Detection: malicious, Threat Name: zgRAT)
• SecuriteInfo.com.Program.Unwanted.5412.32569.27682.exe (Detection: malicious, Threat Name: zgRAT)
• HRXoZLG4ym.exe (Detection: malicious, Threat Name: AsyncRAT Quasar)
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1871872
                                                                                                                                                                                                                                                                          Entropy (8bit):5.291782870548396
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:tXp5Y9VOANZ31QRGZDiUj4cCM5tuR+8w7:a990WcPg8w
                                                                                                                                                                                                                                                                          MD5:D00E478FEC3A14900132B4D1736164BC
                                                                                                                                                                                                                                                                          SHA1:C9BD6E5CAA934AFAF1C8FB5B420825ED921E85D6
                                                                                                                                                                                                                                                                          SHA-256:528C5281FF2ED232E4EC7B173433B72CF2F9468036C723798C2742D779BDD22C
                                                                                                                                                                                                                                                                          SHA-512:0A8CCB387B76A519F490B13A6FBB5EE0ADF4E5CEF2E30CBA03B749EDC12C5F03AC59A39F2013A7A17CAF4B1774D0D30D597C804C68E0B5FE64CB0DBA1E4D31AA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):830464
                                                                                                                                                                                                                                                                          Entropy (8bit):5.788687720136705
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:/aDnawzvtbqeG9LLPogKlbqZvUxL58rWIO84z/Ulo6KpZ47:Yn/xqeG9LLPogKlbqZvUxL58rWIO84zR
                                                                                                                                                                                                                                                                          MD5:0D744D4253C29336304DF59611AF51F2
                                                                                                                                                                                                                                                                          SHA1:16EFC3819442AB3642AE08FF0D647FBC987D935F
                                                                                                                                                                                                                                                                          SHA-256:92A4F5ABD3EC81C4641E9423DF767B15297BAE9811C9BCF9710DD289750ABFF6
                                                                                                                                                                                                                                                                          SHA-512:3C4708AC56CCF0151BC4AD7E8B166539B2C4158E6980AB98B094100385CD6F9F71D870E830C05B4605F8F0884D3FCF90E88E2339AFFF1662AA87280D1F82B74C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4304256
                                                                                                                                                                                                                                                                          Entropy (8bit):7.919319213482609
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:98304:naDAdFvHKh3d2qyStLtgwYpbxI+fA9tUvJpfAM/tTV8sS1p8mW:Inh3EVSZ+jpFIcHxxu1pBW
                                                                                                                                                                                                                                                                          MD5:55F2939C24E09FF99DC353542F2FFE80
                                                                                                                                                                                                                                                                          SHA1:C14E84F50B0A17C75080BF010D8511615F7DFF11
                                                                                                                                                                                                                                                                          SHA-256:8D7082CEDA08F4F2C4B5F64FF97C057BB1DDF76F8C30138CC541DB1A53D44284
                                                                                                                                                                                                                                                                          SHA-512:FA1DD701D91D0FA244869AB732EBFEF9CBB84172399EC70F929F8CDA26B26CCDB2658FDAA6A85F6BA3AA5F4C4E4AB875531DF5C5CA6166693BC809661813E77A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF, CR line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):98896
                                                                                                                                                                                                                                                                          Entropy (8bit):4.918906775169864
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:PnJhaDYL/ud7Ki80vMKp7l8qHbJnRGid0I/VZVJ+nB8waDH8a7+hW1V/VesCax:SpT9AiUA1qc
                                                                                                                                                                                                                                                                          MD5:3BF453CD30BDCDA1018CC77A77C98F52
                                                                                                                                                                                                                                                                          SHA1:B4D6BB29A1DF3D78F8E12D81941D5CC8226775DC
                                                                                                                                                                                                                                                                          SHA-256:7D1E1DB1E0115503792DD396BD51120243FF282BB22525BFCC2627608E459DDE
                                                                                                                                                                                                                                                                          SHA-512:24B61DAF32CE0602FD49FA53ED0539987BBF340AB488B795F846E0A15E034C35B2A943AC7DB249D6AFEDD5BF5B4F6CBD002EBB5FF3CE3C5AB751DCE4BD69FE7F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):99636
                                                                                                                                                                                                                                                                          Entropy (8bit):4.919925763074054
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:RJlO68WT8X5NEdsBMMVq/nsG1rfg1UqQz4znwfhKHgZwzIUJv5y1xktl:2k/s0I1Uqwxktl
                                                                                                                                                                                                                                                                          MD5:E07E03447E9EF1A69A10FBA281C996A2
                                                                                                                                                                                                                                                                          SHA1:BAC17C019D0E148954F6A039BDEBE90492A4E111
                                                                                                                                                                                                                                                                          SHA-256:323E3E519D458BE5632FB105067EA920E8F9053747902E10B7142663FA752B98
                                                                                                                                                                                                                                                                          SHA-512:2819D6CA3921DA22FE3E5328A4F32A9D6AD1472D4301D72F0FFAB9EAD50BA9191CE42891130B10687523C91D20ECBCD0AE867AA744BE924F9ED401527C8BBA7D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8. .....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. .rs._/e.c......I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s. . .....I.D.S._.R.B._.U.S.E.R.=..\le.v(u6b........[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. ..S.Ow..v....I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.e.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. ....Q.......I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.C.E._.S.E.T.T.I.N.G. .=. .R.i.g.h.t. .B.a.c.k.u.p. ....Bf...Q._.S.P.N.g.R....I.D.S._.S.H.O.W._.N.E.T.W.O.R.K._.D.R.I.V.E. .=. .>f:yQ..~q..RhV....I.D.S._.E.U.L.A. .=. .
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):57216
                                                                                                                                                                                                                                                                          Entropy (8bit):6.913674950994578
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:o3+8tFzhBddwp6CUO7S8O9jdPxfjJPxJwT:Y+CFzrrayO7SP9jxxfjtxJ2
                                                                                                                                                                                                                                                                          MD5:AE2E18C3A9635CE6A55AF33D3B16D6E0
                                                                                                                                                                                                                                                                          SHA1:E356DD3A2BC7CE81AD113A0EB72494A2DD0038B3
                                                                                                                                                                                                                                                                          SHA-256:1FB897BB3639E09FADDCDE404F027267EDFB09B1B44D49F82F5D7D8AA6861963
                                                                                                                                                                                                                                                                          SHA-512:024EAE5EE5E902B4F2AAFFD21762F977A447B11D3232FE4A703ACC203BD2549A50550F4AE25F66D0C78FCDFF50E3D40C3E996E160ED81CB4830B4E2F12961923
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (429), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):165918
                                                                                                                                                                                                                                                                          Entropy (8bit):3.7012526345802725
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:1CAT9cWHsLSROq9na1w40AF2azdFmegfnzBqVFIXzThqxniVRbpTztkrVI407mCn:lr
                                                                                                                                                                                                                                                                          MD5:85626AB491D7A559F057725F8AAC7F61
                                                                                                                                                                                                                                                                          SHA1:0C81E0BF4F08CC061E33C4763E45C9FD9606C98C
                                                                                                                                                                                                                                                                          SHA-256:2570D3EADFC76E8FC146EC3BC32BF35A3B01EAB4A4C3966B176C280BE6BA22F7
                                                                                                                                                                                                                                                                          SHA-512:EDBEE0391DBDAA21FCE3B968821C54199D7FB50ABAF26C924F22E78CB57A7A93DFE7FEFE3B2EBF284D306249C17DBC80A7AD68A9182DF12354201CD0D128C713
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. .P.y.y.d... .t.u.k.e.a.:.....I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s. . .....I.D.S._.R.B._.U.S.E.R.=.H.y.v... .k...y.t.t...j...........[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. .S.u.o.j.a.t.t.u.....I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.e.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. .P.o.i.s.t.u. .s.u.l.k.i.e.s.s.a.....I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.C.E._.S.E.T.T.I.N.G. .=. .P.o.i.s.t.u. .B.a.c.k.g.r.o.u.n.d. .B.a.c.k.u.p. .-.p.a.l.v.e.l.u.s.t.a.,. .k.u.n.
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):237568
                                                                                                                                                                                                                                                                          Entropy (8bit):5.714019605415655
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:kqBsIATMoEircg26I4ToW+0hHcyBflDind44CkmpIK5vnVjJv7xMSnVjJv7xJDDA:oTlEir326xoW+88a0dRCv
                                                                                                                                                                                                                                                                          MD5:917075F5070B39E991C073616C30FDC1
                                                                                                                                                                                                                                                                          SHA1:3BB94C04031D2CB11F970AC75D0583BE2634B9B6
                                                                                                                                                                                                                                                                          SHA-256:5AD1E7D78CE63666348B6986C8FB0619F2409E53D6D1415F6D7F3DEF68EC5F66
                                                                                                                                                                                                                                                                          SHA-512:477F42585281F575F49229279D9A5F5C8F30A67F779F084BD1910FCC7A4CC90A6A254DD1DC27372619FF1B2E8EBF0D40CE4EFE3B0D39D3F595E34BB0B16993FC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):49152
                                                                                                                                                                                                                                                                          Entropy (8bit):4.58482858706633
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:zx3LY+sPhWVJPsedLVDUYlkXrSXVteUdzttJ2z9IkCB7QtcNg:9L9nVJEetVDUxSpvJ2z9ID73g
                                                                                                                                                                                                                                                                          MD5:44CC83891DCEE9CB4B5E813411E5F118
                                                                                                                                                                                                                                                                          SHA1:0688FB4D09EC1D62603AC805F271E4183AB42DD0
                                                                                                                                                                                                                                                                          SHA-256:BB62F2D6FC00397807B8CB40DE66467D3BE841D6D58549011FE16975BBB505A8
                                                                                                                                                                                                                                                                          SHA-512:026A55A439097F3CE9D6151F3038211E63DF30D4B38FF15A342EC1068E1556E8A91814D7D79021A901F2AE74E2F445C73487E06EB33B254E44596C87CAC89C2E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                                                                                          • Filename: SecuriteInfo.com.Program.Unwanted.5177.16995.23183.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          • Filename: SecuriteInfo.com.Program.Unwanted.5412.8929.16808.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          • Filename: SecuriteInfo.com.Program.Unwanted.5412.32569.27682.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          • Filename: HRXoZLG4ym.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):310624
                                                                                                                                                                                                                                                                          Entropy (8bit):5.452302232788297
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:g9ZHGYZJJs/rphbKyoE8GoPxjdBiFaPGWjvGiPP2EpPZHqjm1Dkkra/95O:g9NNZDs/rphbKyoE8d/KnM
                                                                                                                                                                                                                                                                          MD5:3185790E5CA51B09252918FF373CD2DF
                                                                                                                                                                                                                                                                          SHA1:A5EC581991369853A60DEE600B4243D1ACF3EE6F
                                                                                                                                                                                                                                                                          SHA-256:BEEB164E668B0E63A998EA9703B6111CEB2DD905403CDFC869E3335B2CCB4B79
                                                                                                                                                                                                                                                                          SHA-512:9BE35A49C57C6CBCCD89699BB99399C72E069497B381A2E06BDDA8C73926D908DFB418353B7665CC3D0FA39845083EA813E257E0F8DEA77155DF3A242B2B8A77
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):115200
                                                                                                                                                                                                                                                                          Entropy (8bit):5.874332503946121
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:cPHDZDQRUZiXFlbUqdRwxz+jBQu2q9jcvJH0:cPHDZkRUYXXbU44
                                                                                                                                                                                                                                                                          MD5:C757150E058428E2A0757701930C223C
                                                                                                                                                                                                                                                                          SHA1:AA162301C63621214581792B8FDE77ADF42E124C
                                                                                                                                                                                                                                                                          SHA-256:E3D4A237487E2DCD925C84559957473692BF04CD59B5F95748594345A047231E
                                                                                                                                                                                                                                                                          SHA-512:C7763F4558460092989DD393C4FEBC220E3FB5B9B13EB4AD4041623BFB527F887C09E39B5AA6C529412F6C9FA837155AE3D5D8D959211CB1452D4B4ED3966F06
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):471936
                                                                                                                                                                                                                                                                          Entropy (8bit):7.397257431205326
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:PtYURNO9P7mMWoK3hrb7PHftyfALprklsuTrOfg5j7rwFuZh2fyXoSyN8CEN:PtHjO5Qn3IVss3/Vr2fGDua
                                                                                                                                                                                                                                                                          MD5:E3EDEEE8F3B5C66ED697C231F0DDB056
                                                                                                                                                                                                                                                                          SHA1:79ABB1C470BA7C3B64EEFDA62F197C445BFEC019
                                                                                                                                                                                                                                                                          SHA-256:3FB58C704599A0C1D74172D80CE8E78DA3615F24955B9D0B797928EA71DCE9DC
                                                                                                                                                                                                                                                                          SHA-512:358D2C5FEB4CE08C7C2DE5687C403B9B036CE252B7BA35FBFA995A1FF44B84FEAD98F32CAA53B97BC2263B34028A989FC0A97D3C3BF9E09A945F061153F28B06
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):6643
                                                                                                                                                                                                                                                                          Entropy (8bit):5.373683849494868
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:kQr72cOd0EcLGMtfOkquWrrKS/ppsJ+J/qJtDTQ:rlOd0EciMtfdW
                                                                                                                                                                                                                                                                          MD5:D33A5CF05248C903E77BBAA7D8578238
                                                                                                                                                                                                                                                                          SHA1:3B7F9D7F3B08835721DF61FEEA947F10A3798A6B
                                                                                                                                                                                                                                                                          SHA-256:83847438C0E04CA7D5EDEC2A1885DCA7D6120BD26962B014AE4C2E70E3884613
                                                                                                                                                                                                                                                                          SHA-512:DCE74F7FEA8BDBE577745DBCEFC55608D6BDDD5D74645602626198A6D1F5CB0C20BF7482C6B7F2D9C47087DA00347CA84711E4848D0944AA2C84CA6AC37D2C21
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>.. <requiredRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. http://support.microsoft.com/kb/936707.. http://social.msdn.microsoft.com/Forums/vstudio/en-US/db3a6268-3f45-4b72-87f0-f27cfab274b7/digitally-signed-net-service-on-windows-vista-fails-to-start?forum=clr -->.. <generatePublisherEvidence enabled="false"/>.. </runtime> .. <appSettings>.. <add key="alvm" value="1" />.. .. .. <add key="UPDATE_URL_COUNT" value="3" />.. <add key="UPDATE_PRODUCT_SHORT_NAME" value="spro" />.. <add key="UPDATE_PARAMS_BASIC" value="?productname={0}&amp;currentapplicationid={1}&amp;currentdbversionid={2}" />.. <add key="UPDATE_PARAMS_ADVANCED" value="regver={3}&amp;machineid={4}&amp;key={5}&amp;username={6}&amp;daysleft={7}" />.. <add key="PRODUCT_LEARN_MORE" value="htt
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):316288
                                                                                                                                                                                                                                                                          Entropy (8bit):6.229742954384071
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:CV738Ejxpv/BA2LytZkIKM78gynsDsYdYWT3WvADQW12FLLMzRK9Yejkx9DjBxQ:C8IxZPSZBT3Ty3ME95yo
                                                                                                                                                                                                                                                                          MD5:9224B0817D3684EAE9E20804F29D3DED
                                                                                                                                                                                                                                                                          SHA1:6067A67CDF98FFCBE10C76622BE5805AA716F484
                                                                                                                                                                                                                                                                          SHA-256:9BF7B04F600DE9529E9E6FAE415DE093A7EAB961661B1EA25E0096DE0B726D6D
                                                                                                                                                                                                                                                                          SHA-512:0EF71FC28DE31E704811D58BFB423AD1FFE08343CBF1C692AA62649E8EE69EDBE82C5EDF44317B90E5800395D1663E67627589AEE04A461EDB40C1F8B50C65B3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RBNotifier.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1872
                                                                                                                                                                                                                                                                          Entropy (8bit):5.3652118389319865
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:B8jzAu0ggb9PrAu03OBSxqAu0RAu0vDfGBDfG9:BYk8gxPMqAJWzO2
                                                                                                                                                                                                                                                                          MD5:BEA87AFBC2EAC2D44A7F8C52ADDECEFA
                                                                                                                                                                                                                                                                          SHA1:10089FECCC19F54D01C83F2CB919F44CB750A26A
                                                                                                                                                                                                                                                                          SHA-256:2EFF6F60C4857D5699697013A621C837749CED0379ADD30FAE1016042F4C4960
                                                                                                                                                                                                                                                                          SHA-512:83EB45E6687701CC7B92D631410CD3742E058CDC44A5CED8312DBE370E07671DB279C29D6FFE07F10C13527FA3A5072E812A9585E2612A9B0994DAC67AF47322
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.19/04/2024 01:33:42.257|Load INI..19/04/2024 01:33:42.288|args: createschedule -fireurlsilently..19/04/2024 01:33:42.319|WinSingleInstance..19/04/2024 01:33:42.335|..********** Application Launched **********..19/04/2024 01:33:42.335|AppMutex:Global\RightBackup_E9AC93B9-E733-40A8-9338-47A4909521B7..19/04/2024 01:33:42.616|UPDATELINK:: https://activate123.com/rightbackup/notifier/update.asp..19/04/2024 01:33:42.648|UPDATELINK:: https://activate123.com/rightbackup/notifier/update.asp..19/04/2024 01:33:56.429|ExecutablePath:: C:\Program Files (x86)\Right Backup\RBNotifier.exe..19/04/2024 01:33:56.444|Environment.OSVersion.Version.Major:: 6..19/04/2024 01:33:56.460|Environment.OSVersion.Version.Major:: 6..19/04/2024 01:33:59.878|Load INI..19/04/2024 01:33:59.894|args: startup neweventtrigger..19/04/2024 01:33:59.910|WinSingleInstance..19/04/2024 01:33:59.910|..********** Application Launched **********..19/04/2024 01:33:59.910|AppMutex:Global\RightBackup_E9AC93B9-E733-40A8-9338-47A49095
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):6809984
                                                                                                                                                                                                                                                                          Entropy (8bit):7.700271248385809
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:98304:akmNZAB8y+54DSir5+mSmC9zvsjaya7BQUdD92fKwfE/T:akmNKuOLNCBTJxdD92fg/T
                                                                                                                                                                                                                                                                          MD5:0E1DC3C18FD7BE48BDC6664E40705E1C
                                                                                                                                                                                                                                                                          SHA1:9970771751164BAEE9DB8E7503A3730D4A9233F0
                                                                                                                                                                                                                                                                          SHA-256:74A4B5D88F74B394C78E21578D1C59CCE0D0154E34A2E7F2CF3F6247F6AB0B7D
                                                                                                                                                                                                                                                                          SHA-512:EA5B39B2C400211D3BF2694E4F0551083D408A9B73D78B5F24DD143FFBE0A4C4B29FCF68BD12C04FE4E32548289612948AE1135FED615DE1649AFBA7E9C14ED8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):6643
                                                                                                                                                                                                                                                                          Entropy (8bit):5.373683849494868
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:kQr72cOd0EcLGMtfOkquWrrKS/ppsJ+J/qJtDTQ:rlOd0EciMtfdW
                                                                                                                                                                                                                                                                          MD5:D33A5CF05248C903E77BBAA7D8578238
                                                                                                                                                                                                                                                                          SHA1:3B7F9D7F3B08835721DF61FEEA947F10A3798A6B
                                                                                                                                                                                                                                                                          SHA-256:83847438C0E04CA7D5EDEC2A1885DCA7D6120BD26962B014AE4C2E70E3884613
                                                                                                                                                                                                                                                                          SHA-512:DCE74F7FEA8BDBE577745DBCEFC55608D6BDDD5D74645602626198A6D1F5CB0C20BF7482C6B7F2D9C47087DA00347CA84711E4848D0944AA2C84CA6AC37D2C21
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>.. <requiredRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. http://support.microsoft.com/kb/936707.. http://social.msdn.microsoft.com/Forums/vstudio/en-US/db3a6268-3f45-4b72-87f0-f27cfab274b7/digitally-signed-net-service-on-windows-vista-fails-to-start?forum=clr -->.. <generatePublisherEvidence enabled="false"/>.. </runtime> .. <appSettings>.. <add key="alvm" value="1" />.. .. .. <add key="UPDATE_URL_COUNT" value="3" />.. <add key="UPDATE_PRODUCT_SHORT_NAME" value="spro" />.. <add key="UPDATE_PARAMS_BASIC" value="?productname={0}&amp;currentapplicationid={1}&amp;currentdbversionid={2}" />.. <add key="UPDATE_PARAMS_ADVANCED" value="regver={3}&amp;machineid={4}&amp;key={5}&amp;username={6}&amp;daysleft={7}" />.. <add key="PRODUCT_LEARN_MORE" value="htt
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2512768
                                                                                                                                                                                                                                                                          Entropy (8bit):7.365157854805799
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:czPelj5WFP0zOxTjUC6cEvQ1IAT+F1gESu66a5:ca3WFP0KxTjUC7EvsGb6j
                                                                                                                                                                                                                                                                          MD5:4318680CD2C6C1B58EB3689AFB2B257D
                                                                                                                                                                                                                                                                          SHA1:4A72B5A6BDB17A70AF84749657F521CA8C7B7C84
                                                                                                                                                                                                                                                                          SHA-256:D1BCBEA0E7314A7626E6CDC3D1F8B21C211BA82FE4CC744DC906D011FB520C7C
                                                                                                                                                                                                                                                                          SHA-512:F6E548E0C6101F6C23656852B7C1FEC184155AFDDB84DA6FC51590C3DF3186AC736D2540B9632B6F83007BDB1DEC43A6176C7629BA2DA8D97A5EF7554C87A4FE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):263680
                                                                                                                                                                                                                                                                          Entropy (8bit):6.286231034922499
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:eJYNeCC7/OqvXSM/pREDrDOFVBsfAFRjpSJioYREXhNH:eJog/OqvXJREDv0BsfAFbQ
                                                                                                                                                                                                                                                                          MD5:4C0309576B4F66DDEABC5759133B4D86
                                                                                                                                                                                                                                                                          SHA1:D6EA50AB218F871E7C610F4C3FE59A4343BCB449
                                                                                                                                                                                                                                                                          SHA-256:B90660F0D0D736B1B02C3D04BC72926361760E6B1A267C5917A5058D5C1F9AB0
                                                                                                                                                                                                                                                                          SHA-512:82ED11A7991960E849203612310E9BD148E2F87DC2E89346FA767BBA6595836DFF0380F82E640567430ADB823F434A2117A36FB7B044A8BC654290DBCFC62131
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):667648
                                                                                                                                                                                                                                                                          Entropy (8bit):5.660787270041257
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:V6yMr1GyFfYI+9XpmXQqeng4HyWgRZuvuSzJTemyuFV3ovUJAgq04/pB6FAXZfJI:V67rFfYI+9Xpm+ngpWj2GmXI1xp
                                                                                                                                                                                                                                                                          MD5:5B7BD8F5F22917C449E16AE4B64AB7A2
                                                                                                                                                                                                                                                                          SHA1:5A4F9A204AE11330975D4AA5A9C3E8FDC493B1F2
                                                                                                                                                                                                                                                                          SHA-256:0848A7A4B79D05C16C03EE8A8F140A909CED55B22A4B037387E9584E863DC971
                                                                                                                                                                                                                                                                          SHA-512:E476EEB4B722132D943A182F487A28AE6CC57A30B887A1E2831E2EC2782087A7742B914932736EA84E482BC8FFC3B82D480100C3909BA43293B55426F3DBC788
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):53248
                                                                                                                                                                                                                                                                          Entropy (8bit):4.66394629155422
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:V3Pxm9GpBHJ2jIMB8mEuR63zFEGibuzFiJzBRi/c:VU9CBgcbmEuWzFEGibvvX
                                                                                                                                                                                                                                                                          MD5:3BE6910A70806530D0FD6B59071C9EEC
                                                                                                                                                                                                                                                                          SHA1:8E7026F2E13BEEAAA15719AA2A6497226322B3C9
                                                                                                                                                                                                                                                                          SHA-256:210D821A41D90217CC09F604777D62A2B7A7FAC215BB0EAF692A9E26E8F2C23B
                                                                                                                                                                                                                                                                          SHA-512:A5AECCB8485035CEC69610EFAA2F57E4BD1F4E4F2117A0B7EE38583476FA969C94903636B8786063E60E972A12F8F06FAE8DED52E5584A7C1728CE4B219E361A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):886272
                                                                                                                                                                                                                                                                          Entropy (8bit):6.8527236409195655
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:4QOzN2/IHPxPbx8YwkbXFl8a6PifS8t7YncnfrDc2Z0dwMHs9nFNFGFOFwcGF6cE:HukIHPJKYLvFGifS8t7uczrfD
                                                                                                                                                                                                                                                                          MD5:9892E0D72EEDF3DA1CDCFDAC318D556C
                                                                                                                                                                                                                                                                          SHA1:D93A5A27C601F9EA5A7FC1E8F2AD594BCFD1DDC0
                                                                                                                                                                                                                                                                          SHA-256:AF7E21907304CCAD550B6CCDB02464CBC163FA0E222EAD0594570E70360212B4
                                                                                                                                                                                                                                                                          SHA-512:ECB975B161AEBE4FD5F37C15E87F7E3706B8418779D1FCDBF233F6B2DDAA7323CA755684E33D280CC29165587967942B428AFEC6F0C35D80B677837CC073D24C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):970752
                                                                                                                                                                                                                                                                          Entropy (8bit):5.526118794552923
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:n7W4U08be2MMskFq0co5hVtCcTzlaBN0CyHDVfdcnjmFSxpzZ2hLx2bLbN7Go:n7JoMkFq0Ph38yCuJdDaV2hLx2bLbN7
                                                                                                                                                                                                                                                                          MD5:88F604C7E657738234B05A0AA8D1FDA0
                                                                                                                                                                                                                                                                          SHA1:F2B1D1E23DFC6CE1175B4E1CFC72DB92AD8AA595
                                                                                                                                                                                                                                                                          SHA-256:170998E8FC475DCEFA3A628FFA9CF3370F32A41EB01B9B2FC44B866C7D1692B0
                                                                                                                                                                                                                                                                          SHA-512:69D355A3F830A67990106A894D8375B456FEE94B00925E35F7FDA33C1E55A91CE9F6B2C22BA3264B0113E7312008088715597A599C522301C2B567BADC9EAF91
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):387408
                                                                                                                                                                                                                                                                          Entropy (8bit):6.245055544213165
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:mH4bNycoylcQQAzB0ebN+pM4CHavptCyO3mEQGS/eoO4:mYbNWQQAzB0e176veD3mPh/O4
                                                                                                                                                                                                                                                                          MD5:F5EE17938D7C545BF62AD955803661C7
                                                                                                                                                                                                                                                                          SHA1:DD0647D250539F1EC580737DE102E2515558F422
                                                                                                                                                                                                                                                                          SHA-256:8A791AF9E3861E231662B657098A823B21A084CBB6A4901D6CCF363405849A78
                                                                                                                                                                                                                                                                          SHA-512:669A89AD811CDA4F3FF4AA318AA03E26E4CB41EA22BC321BAD02A671273D867CBD223A64BB30DA592A5484A9F1CEC77C96F5BF63B1FE586B6D3688B8C9DA530C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (393), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):164150
                                                                                                                                                                                                                                                                          Entropy (8bit):3.718671819270708
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:Rx55+JVe5A3YFmnevO8mkh+gi+bifnl+0dgOdBQi6RvDXGsq2cGil7S:Qkf
                                                                                                                                                                                                                                                                          MD5:7831CD55A129C20D892FC5E2D4CA11FF
                                                                                                                                                                                                                                                                          SHA1:1C210D03BDFC5EDAB68E0D3A862D1C9C56BDC3E0
                                                                                                                                                                                                                                                                          SHA-256:AB54509E620CCC949CD048B6E38C33E3689F9CBC58FD8C9B285C3ECF25F24148
                                                                                                                                                                                                                                                                          SHA-512:1912998DDABBC56F62D104D1830F646D31F788720A9CA80A8C541735482B2865308E2B3B4CD90EE12881CDEF9585BEB11073A1C7D789C5FF776BF5B47873EB7B
                                                                                                                                                                                                                                                                          Malicious:false
Preview:[constants]..IDS_LIVE_PHONE=(800) 871-7918..IDS_LIVE_INTERNATIONAL_PHONE=+1(800) 871-7918..IDS_LIVE_PHONE_1=""..IDS_LIVE_INTERNATIONAL_PHONE_1=""..IDS_DU_APP_NAME=Right Backup..IDS_GET_SUPPORT = F. support:..IDS_GET_SUPPORT_1 =..IDS_OS_DETECTED=Windows  ..IDS_RB_USER=K.re bruger......[RBACKUP_STRINGS]....IDS_PROTECTED = Beskyttet..IDS_PROD_REC_SETTING = Show other product recommendations..IDS_EXIT_SETTING = Forlad ved nedlukning..IDS_EXIT_BKSERVICE_SETTING = Afslut Background backup service, n.
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (342), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):162274
                                                                                                                                                                                                                                                                          Entropy (8bit):3.7164296389537688
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:7pMqV8NaO9WGxRRIYo12oapTIVgGFLh2S4ocLLEy0mGzMIrIlyEKuxwr9nduBq6K:sdOKJGdJT
                                                                                                                                                                                                                                                                          MD5:00DA31D2D16B7DA3595271338DCCDC17
                                                                                                                                                                                                                                                                          SHA1:D1B3A2AEEA9B919C4D768EC53E90E708D72F1C97
                                                                                                                                                                                                                                                                          SHA-256:238112DE07CD640B08655B9472B1C48F27F8D4C10EC99011B663F3159F643D1C
                                                                                                                                                                                                                                                                          SHA-512:2B34D54716C1F4056ACFF612126BC3479970CDE5E8E1A39477225BF916A6E21068AD439F3DC2A933F15F552A16AF05F1CAA6B6B6716827E5D778B8A9A17F5978
                                                                                                                                                                                                                                                                          Malicious:false
Preview:[constants]..IDS_LIVE_PHONE=(800) 871-7918..IDS_LIVE_INTERNATIONAL_PHONE=+1(800) 871-7918..IDS_LIVE_PHONE_1=""..IDS_LIVE_INTERNATIONAL_PHONE_1=""..IDS_DU_APP_NAME=Right Backup..IDS_GET_SUPPORT = Ondersteuning:..IDS_GET_SUPPORT_1 =..IDS_OS_DETECTED=Windows..IDS_RB_USER=Beste gebruiker....[RBACKUP_STRINGS]....IDS_PROTECTED = Beschermd..IDS_PROD_REC_SETTING = Show other product recommendations..IDS_EXIT_SETTING = Bij afsluiten verlaten..IDS_EXIT_BKSERVICE_SETTING = Sluit de back-upservice op de ac
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Generic INItialization configuration [RBACKUP_STRINGS]
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):79669
                                                                                                                                                                                                                                                                          Entropy (8bit):5.462593213060673
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:qgmM8j+2v1cnYTyM9grGfKzs2Fs1L08DUxK:3mM8Zv1IY+IfKzsZNYK
                                                                                                                                                                                                                                                                          MD5:1CD2445702344D2299DC35A916B1F2D5
                                                                                                                                                                                                                                                                          SHA1:C78932641E68EDC7AE83DEB08DB3EB32BE035966
                                                                                                                                                                                                                                                                          SHA-256:6B4BE7AC361095D55E5961A6D8F765ACB046EB5DB4AF260EC8111694933B9619
                                                                                                                                                                                                                                                                          SHA-512:E0C175DECD65D591DE05115377F134849416A76D74775E345AB7EF87DA0764590A8F56217816706DAA4F5767F9A89AE7C2433699A039F54540122DEE1353D533
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[constants]..IDS_LIVE_PHONE=(800) 871-7918..IDS_LIVE_INTERNATIONAL_PHONE=+1(800) 871-7918..IDS_DU_APP_NAME=Right Backup..IDS_GET_SUPPORT = Get Support:..IDS_OS_DETECTED=Windows ..IDS_RB_USER=Dear User....[RBACKUP_STRINGS]....IDS_PROTECTED = Protected..IDS_PROD_REC_SETTING = Show other product recommendations..IDS_EXIT_SETTING = Exit on Close..IDS_EXIT_BKSERVICE_SETTING = Exit Background backup service when Right Backup is closed..IDS_SHOW_NETWORK_DRIVE = Show Network Drives..IDS_PROTECTION_STATUS..= Protection Status..IDS_PROTECTION_INFO_TOOLTIP = Protection Status indicates how much of your data is backed up and protected.....IDS_BACKUP_PRIORITY_INFO = Priority is based on global usage. Documents are considered as high priority, however the user can take backup in their preference order.....IDS_EULA = EULA..IDS_PRIVACYPOLICY = Privacy Policy..IDS_UNINSTALLGUIDELINE = Uninstall Guidelines....IDS_SUPPORTPOPUP1 = Call us Toll Free 24x7..IDS_SUPPORTPOPUP2 = For any system related items y
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (425), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):178060
                                                                                                                                                                                                                                                                          Entropy (8bit):3.722986058316867
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:oB66Ijmrh9Ye2Q+mL6bw4Px+x6M/TY3X+BsQTrha4Xc5/61oPv0d7pK/Xl:nmor+xz/T/T1argd4/Xl
                                                                                                                                                                                                                                                                          MD5:EDF88D02496B83DF495C3F465F20EA94
                                                                                                                                                                                                                                                                          SHA1:5698BD4477BA2763DEA30515CD8A1BC5E379EC40
                                                                                                                                                                                                                                                                          SHA-256:649571C4B0BEFE927205EACE3E3E400F129CB998C848DD7954E6F05360E49B2F
                                                                                                                                                                                                                                                                          SHA-512:A0C8D2893CB937BCC124164943BD97C3AE7CBABE66E3EBF18B51DFD49862AA590E6598DD0A33460AD95D5B46A7012B1CAD82CCCC641A34AB5CAFDC269BD6E5F5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (415), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):180148
                                                                                                                                                                                                                                                                          Entropy (8bit):3.7150350065771036
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:P7oIdyq5miVpNMSaQteaYcNkyafV1aapaH7gwG4F/nA3t4nbvjq1SGAMRikXd6Qs:vTfuM
                                                                                                                                                                                                                                                                          MD5:26573C64D540116000F775B11A29FA55
                                                                                                                                                                                                                                                                          SHA1:63661248DE077117F776A5B8300F1F162FD4EFE0
                                                                                                                                                                                                                                                                          SHA-256:0D57F8EB2C649E5325E5FA7B627B70F6E22303E4DCC49673637D4EF8388A0C60
                                                                                                                                                                                                                                                                          SHA-512:4CBE371DF9B5F6A2488CBE81C0C7DB92B11AFCA05D7EFDD84FABC61FB1C1825B6F603EA2C82D32A12ED60242DEA8776C726E17606359B32134D5526DB66BD449
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:RIFF (little-endian) data, AVI, 136 x 136, 12.00 fps, video: uncompressed
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3335168
                                                                                                                                                                                                                                                                          Entropy (8bit):5.473684616184007
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:kkpJWysp+4dysHMTOysUadSbXysi1rTPGysiXZOLyszni/lysifPEmcysiNGRysj:MnPK9tu3bRd5kdVQ4s+x9aBvpFCpXp
                                                                                                                                                                                                                                                                          MD5:7FE1CC53397AED84832D3CC9FF35117E
                                                                                                                                                                                                                                                                          SHA1:0994883BBC60D2A5B04C9049D7F405614E7A3AED
                                                                                                                                                                                                                                                                          SHA-256:DB7BDCB9DB3590B9202D2D9349CDD3A54C0B184967D0ED9E63EF9F3AFF32C692
                                                                                                                                                                                                                                                                          SHA-512:8CAF0BCD6FF57B590B0AA71A66A466FBA793065C0FD360168D76F4047845581F14C5D6959090C990C861652E1157046405D7B3EAE90FFABD2B4C73226BE38E3C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:RIFF (little-endian) data, AVI, 136 x 136, 12.00 fps, video: uncompressed, audio: uncompressed PCM (stereo, 48000 Hz)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4298460
                                                                                                                                                                                                                                                                          Entropy (8bit):5.315518715849486
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:98304:VQworwmUcmz19DMaX0upudCDkZ20CQdMT:VQworwmUcmz19DMaX0upudCDkZ20CQdC
                                                                                                                                                                                                                                                                          MD5:352E47AB4633DB0E122CE8FB09F441E0
                                                                                                                                                                                                                                                                          SHA1:1DF2CDD9F1E2F6AC027571DEA9954C3CF9CD0AC3
                                                                                                                                                                                                                                                                          SHA-256:99C698C3E9F6088700C3DC52E873AF820D62164D15A8D0AE33458C1B4784CD56
                                                                                                                                                                                                                                                                          SHA-512:4FCF6820F81EBD16D99089F25D9073B0602793131E1AF5B8B52240674EE1DC1CAFEE6D07B0CBA91869748B5E8F396036E1B482F43DC62148FAFABF5C502C8A1D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (431), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):189044
                                                                                                                                                                                                                                                                          Entropy (8bit):4.424518380052606
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:vzlUFWki679Tgt65rZGK/Xw8Q64sXF+qX3jFksDiAqETDqh7H2:yLF/XwnlWDD
                                                                                                                                                                                                                                                                          MD5:0E37946883D1F53B30607754ABED5A89
                                                                                                                                                                                                                                                                          SHA1:8B25A25276AFA4037DC30BBF59C1B9D3812FF508
                                                                                                                                                                                                                                                                          SHA-256:652259169A657A3C17C82E2506355FD7708EB5DF381BCCE1E76CAF8C1067E3BF
                                                                                                                                                                                                                                                                          SHA-512:1D66B4C0C229EFE653E85A73240AEB12B255068965A03A885AD90D664BE689553B60C07161610EBC28CAD1DE1D99EFF3174333268EF220CC97E157143473D7D8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (380), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):161692
                                                                                                                                                                                                                                                                          Entropy (8bit):3.8650337131984847
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:vCLLS6vxFHTZERWQA/DTBn3Py2ubcG/yxQSR4kug/4KCP/vjPhTzR1zlIwsr+F76:ju
                                                                                                                                                                                                                                                                          MD5:4D0A76CA9640A6F1B1236237ADFF7D2F
                                                                                                                                                                                                                                                                          SHA1:EBE6D1787E010419CB9DF955B2E3561F9657A4A6
                                                                                                                                                                                                                                                                          SHA-256:7CF929EFA4367D9129D7C4CF25E12AD5CF6AA7A85BE40961556FA93B710C44BA
                                                                                                                                                                                                                                                                          SHA-512:8977095AB2B674918BCBBFD8F9245184EB6F1AB9A82E14B41318DBE446B1B389B0EA2C0A416D5F8B8FA8CC78547623F7FDD1528DB4211902B4DEFFBEA3B01A7A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):316288
                                                                                                                                                                                                                                                                          Entropy (8bit):6.229742954384071
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:CV738Ejxpv/BA2LytZkIKM78gynsDsYdYWT3WvADQW12FLLMzRK9Yejkx9DjBxQ:C8IxZPSZBT3Ty3ME95yo
                                                                                                                                                                                                                                                                          MD5:9224B0817D3684EAE9E20804F29D3DED
                                                                                                                                                                                                                                                                          SHA1:6067A67CDF98FFCBE10C76622BE5805AA716F484
                                                                                                                                                                                                                                                                          SHA-256:9BF7B04F600DE9529E9E6FAE415DE093A7EAB961661B1EA25E0096DE0B726D6D
                                                                                                                                                                                                                                                                          SHA-512:0EF71FC28DE31E704811D58BFB423AD1FFE08343CBF1C692AA62649E8EE69EDBE82C5EDF44317B90E5800395D1663E67627589AEE04A461EDB40C1F8B50C65B3
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Right Backup\is-1OA4D.tmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4304256
                                                                                                                                                                                                                                                                          Entropy (8bit):7.919319213482609
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:98304:naDAdFvHKh3d2qyStLtgwYpbxI+fA9tUvJpfAM/tTV8sS1p8mW:Inh3EVSZ+jpFIcHxxu1pBW
                                                                                                                                                                                                                                                                          MD5:55F2939C24E09FF99DC353542F2FFE80
                                                                                                                                                                                                                                                                          SHA1:C14E84F50B0A17C75080BF010D8511615F7DFF11
                                                                                                                                                                                                                                                                          SHA-256:8D7082CEDA08F4F2C4B5F64FF97C057BB1DDF76F8C30138CC541DB1A53D44284
                                                                                                                                                                                                                                                                          SHA-512:FA1DD701D91D0FA244869AB732EBFEF9CBB84172399EC70F929F8CDA26B26CCDB2658FDAA6A85F6BA3AA5F4C4E4AB875531DF5C5CA6166693BC809661813E77A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (429), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):165918
                                                                                                                                                                                                                                                                          Entropy (8bit):3.7012526345802725
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:1CAT9cWHsLSROq9na1w40AF2azdFmegfnzBqVFIXzThqxniVRbpTztkrVI407mCn:lr
                                                                                                                                                                                                                                                                          MD5:85626AB491D7A559F057725F8AAC7F61
                                                                                                                                                                                                                                                                          SHA1:0C81E0BF4F08CC061E33C4763E45C9FD9606C98C
                                                                                                                                                                                                                                                                          SHA-256:2570D3EADFC76E8FC146EC3BC32BF35A3B01EAB4A4C3966B176C280BE6BA22F7
                                                                                                                                                                                                                                                                          SHA-512:EDBEE0391DBDAA21FCE3B968821C54199D7FB50ABAF26C924F22E78CB57A7A93DFE7FEFE3B2EBF284D306249C17DBC80A7AD68A9182DF12354201CD0D128C713
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. .P.y.y.d... .t.u.k.e.a.:.....I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s. . .....I.D.S._.R.B._.U.S.E.R.=.H.y.v... .k...y.t.t...j...........[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. .S.u.o.j.a.t.t.u.....I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.e.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. .P.o.i.s.t.u. .s.u.l.k.i.e.s.s.a.....I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.C.E._.S.E.T.T.I.N.G. .=. .P.o.i.s.t.u. .B.a.c.k.g.r.o.u.n.d. .B.a.c.k.u.p. .-.p.a.l.v.e.l.u.s.t.a.,. .k.u.n.
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (372), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):158328
                                                                                                                                                                                                                                                                          Entropy (8bit):3.7239867149010415
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:yVmz8zBeFZ3a+Y38HzD6ZQNQnkQYIBsVPBdbqCdzD62Fu9LGIj2imAkT+YObUlxV:h
                                                                                                                                                                                                                                                                          MD5:0735DA7E11DAD4DC8085E66CF10A9C3D
                                                                                                                                                                                                                                                                          SHA1:3F3672800084AC4040AF3756F2E7BAD2566769DE
                                                                                                                                                                                                                                                                          SHA-256:E4F0D9E0F2AB82F04BB7830C4A97F14F8AD0BFD61C46F10726880F3DDF6E2294
                                                                                                                                                                                                                                                                          SHA-512:C525902BFE65BFBFBA02AEACA9496FD88F1C4D29197304CB6532AF00CF0F429C60F3FBBC5293D224EEE6D5911B66FC106DF33F803050F69E67AAF76D8302CECC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. .B.r.u.k.e.r.s.t...t.t.e.:.....I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s. . .....I.D.S._.R.B._.U.S.E.R.=.K.j...r.e. .b.r.u.k.e.r.........[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. .B.e.s.k.y.t.t.e.t.....I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.e.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. .A.v.s.l.u.t.t. .v.e.d. .l.u.k.k.i.n.g.....I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.C.E._.S.E.T.T.I.N.G. .=. .A.v.s.l.u.t.t. .B.a.c.k.g.r.o.u.n.d. .B.a.c.k.u.p.-.t.j.e.n.e.s.t.e.n. .n.
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (425), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):178060
                                                                                                                                                                                                                                                                          Entropy (8bit):3.722986058316867
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:oB66Ijmrh9Ye2Q+mL6bw4Px+x6M/TY3X+BsQTrha4Xc5/61oPv0d7pK/Xl:nmor+xz/T/T1argd4/Xl
                                                                                                                                                                                                                                                                          MD5:EDF88D02496B83DF495C3F465F20EA94
                                                                                                                                                                                                                                                                          SHA1:5698BD4477BA2763DEA30515CD8A1BC5E379EC40
                                                                                                                                                                                                                                                                          SHA-256:649571C4B0BEFE927205EACE3E3E400F129CB998C848DD7954E6F05360E49B2F
                                                                                                                                                                                                                                                                          SHA-512:A0C8D2893CB937BCC124164943BD97C3AE7CBABE66E3EBF18B51DFD49862AA590E6598DD0A33460AD95D5B46A7012B1CAD82CCCC641A34AB5CAFDC269BD6E5F5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. .O.b.t.e.n.i.r. .d.e. .l.. a.s.s.i.s.t.a.n.c.e...:.....I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s. . .....I.D.S._.R.B._.U.S.E.R.=.C.h.e.r. .u.t.i.l.i.s.a.t.e.u.r.,. .c.h...r.e. .u.t.i.l.i.s.a.t.r.i.c.e.........[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. .P.r.o.t...g.......I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.e.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. .Q.u.i.t.t.e.r. ... .l.a. .f.e.r.m.e.t.u.r.e. .d.u. .p.r.o.g.r.a.m.m.e.....I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):57216
                                                                                                                                                                                                                                                                          Entropy (8bit):6.913674950994578
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:o3+8tFzhBddwp6CUO7S8O9jdPxfjJPxJwT:Y+CFzrrayO7SP9jxxfjtxJ2
                                                                                                                                                                                                                                                                          MD5:AE2E18C3A9635CE6A55AF33D3B16D6E0
                                                                                                                                                                                                                                                                          SHA1:E356DD3A2BC7CE81AD113A0EB72494A2DD0038B3
                                                                                                                                                                                                                                                                          SHA-256:1FB897BB3639E09FADDCDE404F027267EDFB09B1B44D49F82F5D7D8AA6861963
                                                                                                                                                                                                                                                                          SHA-512:024EAE5EE5E902B4F2AAFFD21762F977A447B11D3232FE4A703ACC203BD2549A50550F4AE25F66D0C78FCDFF50E3D40C3E996E160ED81CB4830B4E2F12961923
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):682368
                                                                                                                                                                                                                                                                          Entropy (8bit):7.174111682851083
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:WqNgd5StPTgtWoU9GlLsb7GOYAcDx0BliBeDXgUyoB:tyf+0tMIM/cD26BeDCoB
                                                                                                                                                                                                                                                                          MD5:1CA95C012774A2A2FF475E56AC0A96BB
                                                                                                                                                                                                                                                                          SHA1:1774E84D93BC9FE801BEE73A2A54608D33C1C0A6
                                                                                                                                                                                                                                                                          SHA-256:C2CA3920534AD98411CFDD1D39B9E94639FB789DE9B17B1D715AD50EDD0810C4
                                                                                                                                                                                                                                                                          SHA-512:63172C6FCC2033722E42E67EB95F8F66378545C4FB9D5EDA0FCFFB8A0DBC1578E5B721488CD7CB26B60B848D20E6993C0E64690E9021EB3A503C16FD208D46A6
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Right Backup\is-6ESI6.tmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Right Backup\is-6ESI6.tmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (441), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):171070
                                                                                                                                                                                                                                                                          Entropy (8bit):4.23978230342421
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:mNziasdVJfQreOuMP9NI0VcaGuXSiwAiGQTjVETlREPs+VxH:7OGLEo/VxH
                                                                                                                                                                                                                                                                          MD5:1C716BD476E366FC345616E7A03C1624
                                                                                                                                                                                                                                                                          SHA1:2E87D6BFCAD804C64DA814B4393442FCE58CEFA2
                                                                                                                                                                                                                                                                          SHA-256:61E012506FEB820C3B3DE9357791CF36DCB1E65934324C848AD3795D0371CB00
                                                                                                                                                                                                                                                                          SHA-512:5D9409FF56039A81D6C04BE03AC334775DB946F2EB463247B4CEB53633B4B80060F05192E2BB948A468E278B19A8E3E05B34DE85F23EB136367B9B06CF0400FE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. ...>.;.C.G.8.B.L. .?.>.4.4.5.@.6.:.C.:.....I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s. . .....I.D.S._.R.B._.U.S.E.R.=.#.2.0.6.0.5.<.K.9. .?.>.;.L.7.>.2.0.B.5.;.L.........[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. ...0.I.8.I.5.=.....I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.e.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. ...K.E.>.4. .?.@.8. .7.0.:.@.K.B.8.8.....I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.C.E._.S.E.T.T.I.N.G. .=. ...K.E.>.4. .8.7. .A.;.C.6.1.K. .D.>.=.>.2.>.3.>.
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (393), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):164150
                                                                                                                                                                                                                                                                          Entropy (8bit):3.718671819270708
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:Rx55+JVe5A3YFmnevO8mkh+gi+bifnl+0dgOdBQi6RvDXGsq2cGil7S:Qkf
                                                                                                                                                                                                                                                                          MD5:7831CD55A129C20D892FC5E2D4CA11FF
                                                                                                                                                                                                                                                                          SHA1:1C210D03BDFC5EDAB68E0D3A862D1C9C56BDC3E0
                                                                                                                                                                                                                                                                          SHA-256:AB54509E620CCC949CD048B6E38C33E3689F9CBC58FD8C9B285C3ECF25F24148
                                                                                                                                                                                                                                                                          SHA-512:1912998DDABBC56F62D104D1830F646D31F788720A9CA80A8C541735482B2865308E2B3B4CD90EE12881CDEF9585BEB11073A1C7D789C5FF776BF5B47873EB7B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. .F... .s.u.p.p.o.r.t.:.....I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s. . .....I.D.S._.R.B._.U.S.E.R.=.K...r.e. .b.r.u.g.e.r.............[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. .B.e.s.k.y.t.t.e.t.....I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.e.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. .F.o.r.l.a.d. .v.e.d. .n.e.d.l.u.k.n.i.n.g.....I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.C.E._.S.E.T.T.I.N.G. .=. .A.f.s.l.u.t. .B.a.c.k.g.r.o.u.n.d. .b.a.c.k.u.p. .s.e.r.v.i.c.e.,. .n...
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):237568
                                                                                                                                                                                                                                                                          Entropy (8bit):5.714019605415655
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:kqBsIATMoEircg26I4ToW+0hHcyBflDind44CkmpIK5vnVjJv7xMSnVjJv7xJDDA:oTlEir326xoW+88a0dRCv
                                                                                                                                                                                                                                                                          MD5:917075F5070B39E991C073616C30FDC1
                                                                                                                                                                                                                                                                          SHA1:3BB94C04031D2CB11F970AC75D0583BE2634B9B6
                                                                                                                                                                                                                                                                          SHA-256:5AD1E7D78CE63666348B6986C8FB0619F2409E53D6D1415F6D7F3DEF68EC5F66
                                                                                                                                                                                                                                                                          SHA-512:477F42585281F575F49229279D9A5F5C8F30A67F779F084BD1910FCC7A4CC90A6A254DD1DC27372619FF1B2E8EBF0D40CE4EFE3B0D39D3F595E34BB0B16993FC
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Right Backup\is-7Q60P.tmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Generic INItialization configuration [RBACKUP_STRINGS]
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):79669
                                                                                                                                                                                                                                                                          Entropy (8bit):5.462593213060673
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:qgmM8j+2v1cnYTyM9grGfKzs2Fs1L08DUxK:3mM8Zv1IY+IfKzsZNYK
                                                                                                                                                                                                                                                                          MD5:1CD2445702344D2299DC35A916B1F2D5
                                                                                                                                                                                                                                                                          SHA1:C78932641E68EDC7AE83DEB08DB3EB32BE035966
                                                                                                                                                                                                                                                                          SHA-256:6B4BE7AC361095D55E5961A6D8F765ACB046EB5DB4AF260EC8111694933B9619
                                                                                                                                                                                                                                                                          SHA-512:E0C175DECD65D591DE05115377F134849416A76D74775E345AB7EF87DA0764590A8F56217816706DAA4F5767F9A89AE7C2433699A039F54540122DEE1353D533
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[constants]..IDS_LIVE_PHONE=(800) 871-7918..IDS_LIVE_INTERNATIONAL_PHONE=+1(800) 871-7918..IDS_DU_APP_NAME=Right Backup..IDS_GET_SUPPORT = Get Support:..IDS_OS_DETECTED=Windows ..IDS_RB_USER=Dear User....[RBACKUP_STRINGS]....IDS_PROTECTED = Protected..IDS_PROD_REC_SETTING = Show other product recommendations..IDS_EXIT_SETTING = Exit on Close..IDS_EXIT_BKSERVICE_SETTING = Exit Background backup service when Right Backup is closed..IDS_SHOW_NETWORK_DRIVE = Show Network Drives..IDS_PROTECTION_STATUS..= Protection Status..IDS_PROTECTION_INFO_TOOLTIP = Protection Status indicates how much of your data is backed up and protected.....IDS_BACKUP_PRIORITY_INFO = Priority is based on global usage. Documents are considered as high priority, however the user can take backup in their preference order.....IDS_EULA = EULA..IDS_PRIVACYPOLICY = Privacy Policy..IDS_UNINSTALLGUIDELINE = Uninstall Guidelines....IDS_SUPPORTPOPUP1 = Call us Toll Free 24x7..IDS_SUPPORTPOPUP2 = For any system related items y
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):263680
                                                                                                                                                                                                                                                                          Entropy (8bit):6.286231034922499
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:eJYNeCC7/OqvXSM/pREDrDOFVBsfAFRjpSJioYREXhNH:eJog/OqvXJREDv0BsfAFbQ
                                                                                                                                                                                                                                                                          MD5:4C0309576B4F66DDEABC5759133B4D86
                                                                                                                                                                                                                                                                          SHA1:D6EA50AB218F871E7C610F4C3FE59A4343BCB449
                                                                                                                                                                                                                                                                          SHA-256:B90660F0D0D736B1B02C3D04BC72926361760E6B1A267C5917A5058D5C1F9AB0
                                                                                                                                                                                                                                                                          SHA-512:82ED11A7991960E849203612310E9BD148E2F87DC2E89346FA767BBA6595836DFF0380F82E640567430ADB823F434A2117A36FB7B044A8BC654290DBCFC62131
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):6643
                                                                                                                                                                                                                                                                          Entropy (8bit):5.373683849494868
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:kQr72cOd0EcLGMtfOkquWrrKS/ppsJ+J/qJtDTQ:rlOd0EciMtfdW
                                                                                                                                                                                                                                                                          MD5:D33A5CF05248C903E77BBAA7D8578238
                                                                                                                                                                                                                                                                          SHA1:3B7F9D7F3B08835721DF61FEEA947F10A3798A6B
                                                                                                                                                                                                                                                                          SHA-256:83847438C0E04CA7D5EDEC2A1885DCA7D6120BD26962B014AE4C2E70E3884613
                                                                                                                                                                                                                                                                          SHA-512:DCE74F7FEA8BDBE577745DBCEFC55608D6BDDD5D74645602626198A6D1F5CB0C20BF7482C6B7F2D9C47087DA00347CA84711E4848D0944AA2C84CA6AC37D2C21
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>.. <requiredRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. http://support.microsoft.com/kb/936707.. http://social.msdn.microsoft.com/Forums/vstudio/en-US/db3a6268-3f45-4b72-87f0-f27cfab274b7/digitally-signed-net-service-on-windows-vista-fails-to-start?forum=clr -->.. <generatePublisherEvidence enabled="false"/>.. </runtime> .. <appSettings>.. <add key="alvm" value="1" />.. .. .. <add key="UPDATE_URL_COUNT" value="3" />.. <add key="UPDATE_PRODUCT_SHORT_NAME" value="spro" />.. <add key="UPDATE_PARAMS_BASIC" value="?productname={0}&amp;currentapplicationid={1}&amp;currentdbversionid={2}" />.. <add key="UPDATE_PARAMS_ADVANCED" value="regver={3}&amp;machineid={4}&amp;key={5}&amp;username={6}&amp;daysleft={7}" />.. <add key="PRODUCT_LEARN_MORE" value="htt
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):53248
                                                                                                                                                                                                                                                                          Entropy (8bit):4.66394629155422
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:V3Pxm9GpBHJ2jIMB8mEuR63zFEGibuzFiJzBRi/c:VU9CBgcbmEuWzFEGibvvX
                                                                                                                                                                                                                                                                          MD5:3BE6910A70806530D0FD6B59071C9EEC
                                                                                                                                                                                                                                                                          SHA1:8E7026F2E13BEEAAA15719AA2A6497226322B3C9
                                                                                                                                                                                                                                                                          SHA-256:210D821A41D90217CC09F604777D62A2B7A7FAC215BB0EAF692A9E26E8F2C23B
                                                                                                                                                                                                                                                                          SHA-512:A5AECCB8485035CEC69610EFAA2F57E4BD1F4E4F2117A0B7EE38583476FA969C94903636B8786063E60E972A12F8F06FAE8DED52E5584A7C1728CE4B219E361A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:RIFF (little-endian) data, AVI, 136 x 136, 12.00 fps, video: uncompressed
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3335168
                                                                                                                                                                                                                                                                          Entropy (8bit):5.473684616184007
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:kkpJWysp+4dysHMTOysUadSbXysi1rTPGysiXZOLyszni/lysifPEmcysiNGRysj:MnPK9tu3bRd5kdVQ4s+x9aBvpFCpXp
                                                                                                                                                                                                                                                                          MD5:7FE1CC53397AED84832D3CC9FF35117E
                                                                                                                                                                                                                                                                          SHA1:0994883BBC60D2A5B04C9049D7F405614E7A3AED
                                                                                                                                                                                                                                                                          SHA-256:DB7BDCB9DB3590B9202D2D9349CDD3A54C0B184967D0ED9E63EF9F3AFF32C692
                                                                                                                                                                                                                                                                          SHA-512:8CAF0BCD6FF57B590B0AA71A66A466FBA793065C0FD360168D76F4047845581F14C5D6959090C990C861652E1157046405D7B3EAE90FFABD2B4C73226BE38E3C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (415), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):180148
                                                                                                                                                                                                                                                                          Entropy (8bit):3.7150350065771036
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:P7oIdyq5miVpNMSaQteaYcNkyafV1aapaH7gwG4F/nA3t4nbvjq1SGAMRikXd6Qs:vTfuM
                                                                                                                                                                                                                                                                          MD5:26573C64D540116000F775B11A29FA55
                                                                                                                                                                                                                                                                          SHA1:63661248DE077117F776A5B8300F1F162FD4EFE0
                                                                                                                                                                                                                                                                          SHA-256:0D57F8EB2C649E5325E5FA7B627B70F6E22303E4DCC49673637D4EF8388A0C60
                                                                                                                                                                                                                                                                          SHA-512:4CBE371DF9B5F6A2488CBE81C0C7DB92B11AFCA05D7EFDD84FABC61FB1C1825B6F603EA2C82D32A12ED60242DEA8776C726E17606359B32134D5526DB66BD449
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. .V.e.r.f...g.b.a.r.e.r. .S.u.p.p.o.r.t.:.....I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s. . .....I.D.S._.R.B._.U.S.E.R.=.S.e.h.r. .g.e.e.h.r.t.e.r. .N.u.t.z.e.r.,.........[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. .G.e.s.c.h...t.z.t.....I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.e.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. .D.u.r.c.h. .S.c.h.l.i.e...e.n. .b.e.e.n.d.e.n.....I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.C.E._.S.E.T.T.I.N.G. .=. .B.e.e.n.d.e.n. .S.i.e. .d.e.n. .B.
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (400), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):168056
                                                                                                                                                                                                                                                                          Entropy (8bit):3.68985698988155
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:GxLv2Fs4kzZVYR/GE64wl7zBaxbwNaZh43Aog50h3svts3iW8cDBpX1eQwf:6W0Mm3sv8QQwf
                                                                                                                                                                                                                                                                          MD5:D33454B66766DAA88BE9F4CA5A4AD373
                                                                                                                                                                                                                                                                          SHA1:A9FDEB8DA3833056677D374B5652E1ED350381F4
                                                                                                                                                                                                                                                                          SHA-256:9C923882578B440B7CA71F9E63F7953093C9C9EF1AFAEB5624699E832DDFDE12
                                                                                                                                                                                                                                                                          SHA-512:96952195D3E27CCD19E9BA9DBF56A1F0FF7661D50A1E09380448BC60F25693D3B1F37F57FF781372DF58283823F48BB8A1A1E10F1824FA3ED58133BC758154A7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. .O.t.t.i.e.n.i. .a.s.s.i.s.t.e.n.z.a.:.....I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s. . .....I.D.S._.R.B._.U.S.E.R.=.G.e.n.t.i.l.e. .u.t.e.n.t.e.........[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. .P.r.o.t.e.t.t.o.....I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.e.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. .E.s.c.i. .a.l.l.a. .c.h.i.u.s.u.r.a.....I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.C.E._.S.E.T.T.I.N.G. .=. .E.s.c.i. .d.a.l. .s.e.r.v.i.z.i.o. .d.i. .b.a.c.k.u.p. .i.n. .
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):49152
                                                                                                                                                                                                                                                                          Entropy (8bit):4.58482858706633
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:zx3LY+sPhWVJPsedLVDUYlkXrSXVteUdzttJ2z9IkCB7QtcNg:9L9nVJEetVDUxSpvJ2z9ID73g
                                                                                                                                                                                                                                                                          MD5:44CC83891DCEE9CB4B5E813411E5F118
                                                                                                                                                                                                                                                                          SHA1:0688FB4D09EC1D62603AC805F271E4183AB42DD0
                                                                                                                                                                                                                                                                          SHA-256:BB62F2D6FC00397807B8CB40DE66467D3BE841D6D58549011FE16975BBB505A8
                                                                                                                                                                                                                                                                          SHA-512:026A55A439097F3CE9D6151F3038211E63DF30D4B38FF15A342EC1068E1556E8A91814D7D79021A901F2AE74E2F445C73487E06EB33B254E44596C87CAC89C2E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):99636
                                                                                                                                                                                                                                                                          Entropy (8bit):4.919925763074054
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:RJlO68WT8X5NEdsBMMVq/nsG1rfg1UqQz4znwfhKHgZwzIUJv5y1xktl:2k/s0I1Uqwxktl
                                                                                                                                                                                                                                                                          MD5:E07E03447E9EF1A69A10FBA281C996A2
                                                                                                                                                                                                                                                                          SHA1:BAC17C019D0E148954F6A039BDEBE90492A4E111
                                                                                                                                                                                                                                                                          SHA-256:323E3E519D458BE5632FB105067EA920E8F9053747902E10B7142663FA752B98
                                                                                                                                                                                                                                                                          SHA-512:2819D6CA3921DA22FE3E5328A4F32A9D6AD1472D4301D72F0FFAB9EAD50BA9191CE42891130B10687523C91D20ECBCD0AE867AA744BE924F9ED401527C8BBA7D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8. .....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. .rs._/e.c......I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s. . .....I.D.S._.R.B._.U.S.E.R.=..\le.v(u6b........[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. ..S.Ow..v....I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.e.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. ....Q.......I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.C.E._.S.E.T.T.I.N.G. .=. .R.i.g.h.t. .B.a.c.k.u.p. ....Bf...Q._.S.P.N.g.R....I.D.S._.S.H.O.W._.N.E.T.W.O.R.K._.D.R.I.V.E. .=. .>f:yQ..~q..RhV....I.D.S._.E.U.L.A. .=. .
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):6643
                                                                                                                                                                                                                                                                          Entropy (8bit):5.373683849494868
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:kQr72cOd0EcLGMtfOkquWrrKS/ppsJ+J/qJtDTQ:rlOd0EciMtfdW
                                                                                                                                                                                                                                                                          MD5:D33A5CF05248C903E77BBAA7D8578238
                                                                                                                                                                                                                                                                          SHA1:3B7F9D7F3B08835721DF61FEEA947F10A3798A6B
                                                                                                                                                                                                                                                                          SHA-256:83847438C0E04CA7D5EDEC2A1885DCA7D6120BD26962B014AE4C2E70E3884613
                                                                                                                                                                                                                                                                          SHA-512:DCE74F7FEA8BDBE577745DBCEFC55608D6BDDD5D74645602626198A6D1F5CB0C20BF7482C6B7F2D9C47087DA00347CA84711E4848D0944AA2C84CA6AC37D2C21
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>.. <requiredRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. http://support.microsoft.com/kb/936707.. http://social.msdn.microsoft.com/Forums/vstudio/en-US/db3a6268-3f45-4b72-87f0-f27cfab274b7/digitally-signed-net-service-on-windows-vista-fails-to-start?forum=clr -->.. <generatePublisherEvidence enabled="false"/>.. </runtime> .. <appSettings>.. <add key="alvm" value="1" />.. .. .. <add key="UPDATE_URL_COUNT" value="3" />.. <add key="UPDATE_PRODUCT_SHORT_NAME" value="spro" />.. <add key="UPDATE_PARAMS_BASIC" value="?productname={0}&amp;currentapplicationid={1}&amp;currentdbversionid={2}" />.. <add key="UPDATE_PARAMS_ADVANCED" value="regver={3}&amp;machineid={4}&amp;key={5}&amp;username={6}&amp;daysleft={7}" />.. <add key="PRODUCT_LEARN_MORE" value="htt
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (342), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):162274
                                                                                                                                                                                                                                                                          Entropy (8bit):3.7164296389537688
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:7pMqV8NaO9WGxRRIYo12oapTIVgGFLh2S4ocLLEy0mGzMIrIlyEKuxwr9nduBq6K:sdOKJGdJT
                                                                                                                                                                                                                                                                          MD5:00DA31D2D16B7DA3595271338DCCDC17
                                                                                                                                                                                                                                                                          SHA1:D1B3A2AEEA9B919C4D768EC53E90E708D72F1C97
                                                                                                                                                                                                                                                                          SHA-256:238112DE07CD640B08655B9472B1C48F27F8D4C10EC99011B663F3159F643D1C
                                                                                                                                                                                                                                                                          SHA-512:2B34D54716C1F4056ACFF612126BC3479970CDE5E8E1A39477225BF916A6E21068AD439F3DC2A933F15F552A16AF05F1CAA6B6B6716827E5D778B8A9A17F5978
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. .O.n.d.e.r.s.t.e.u.n.i.n.g.:.....I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s.....I.D.S._.R.B._.U.S.E.R.=.B.e.s.t.e. .g.e.b.r.u.i.k.e.r.........[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. .B.e.s.c.h.e.r.m.d.....I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.e.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. .B.i.j. .a.f.s.l.u.i.t.e.n. .v.e.r.l.a.t.e.n.....I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.C.E._.S.E.T.T.I.N.G. .=. .S.l.u.i.t. .d.e. .b.a.c.k.-.u.p.s.e.r.v.i.c.e. .o.p. .d.e. .a.c.
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):830464
                                                                                                                                                                                                                                                                          Entropy (8bit):5.788687720136705
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:/aDnawzvtbqeG9LLPogKlbqZvUxL58rWIO84z/Ulo6KpZ47:Yn/xqeG9LLPogKlbqZvUxL58rWIO84zR
                                                                                                                                                                                                                                                                          MD5:0D744D4253C29336304DF59611AF51F2
                                                                                                                                                                                                                                                                          SHA1:16EFC3819442AB3642AE08FF0D647FBC987D935F
                                                                                                                                                                                                                                                                          SHA-256:92A4F5ABD3EC81C4641E9423DF767B15297BAE9811C9BCF9710DD289750ABFF6
                                                                                                                                                                                                                                                                          SHA-512:3C4708AC56CCF0151BC4AD7E8B166539B2C4158E6980AB98B094100385CD6F9F71D870E830C05B4605F8F0884D3FCF90E88E2339AFFF1662AA87280D1F82B74C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):310624
                                                                                                                                                                                                                                                                          Entropy (8bit):5.452302232788297
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:g9ZHGYZJJs/rphbKyoE8GoPxjdBiFaPGWjvGiPP2EpPZHqjm1Dkkra/95O:g9NNZDs/rphbKyoE8d/KnM
                                                                                                                                                                                                                                                                          MD5:3185790E5CA51B09252918FF373CD2DF
                                                                                                                                                                                                                                                                          SHA1:A5EC581991369853A60DEE600B4243D1ACF3EE6F
                                                                                                                                                                                                                                                                          SHA-256:BEEB164E668B0E63A998EA9703B6111CEB2DD905403CDFC869E3335B2CCB4B79
                                                                                                                                                                                                                                                                          SHA-512:9BE35A49C57C6CBCCD89699BB99399C72E069497B381A2E06BDDA8C73926D908DFB418353B7665CC3D0FA39845083EA813E257E0F8DEA77155DF3A242B2B8A77
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):387408
                                                                                                                                                                                                                                                                          Entropy (8bit):6.245055544213165
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:mH4bNycoylcQQAzB0ebN+pM4CHavptCyO3mEQGS/eoO4:mYbNWQQAzB0e176veD3mPh/O4
                                                                                                                                                                                                                                                                          MD5:F5EE17938D7C545BF62AD955803661C7
                                                                                                                                                                                                                                                                          SHA1:DD0647D250539F1EC580737DE102E2515558F422
                                                                                                                                                                                                                                                                          SHA-256:8A791AF9E3861E231662B657098A823B21A084CBB6A4901D6CCF363405849A78
                                                                                                                                                                                                                                                                          SHA-512:669A89AD811CDA4F3FF4AA318AA03E26E4CB41EA22BC321BAD02A671273D867CBD223A64BB30DA592A5484A9F1CEC77C96F5BF63B1FE586B6D3688B8C9DA530C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):114356
                                                                                                                                                                                                                                                                          Entropy (8bit):4.908719537766586
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:sp7SV0RmMlkg+GpnFgbkKnjBbQAKEJgkra0cwTeMOHQRdSnmTgDg+gqaJ5NCudO:j9cmKi7PCudO
                                                                                                                                                                                                                                                                          MD5:FA644B75483069D945A27F3F40F376C5
                                                                                                                                                                                                                                                                          SHA1:C3C7C76E559037C11145C95B56CA83355321359D
                                                                                                                                                                                                                                                                          SHA-256:8B68C83FD3518136711085692B3469C3C32FC599BE9671C88BE54AD158624274
                                                                                                                                                                                                                                                                          SHA-512:C15252DB14CB3FB9E003755D6615EA4318E0270306AD91A1C294B656C22FBD9E798AAD773EC62247459240C8B37EDBC16FFF06420FC3D1E44A9AB16B99AD344E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. ..... ...0.:.....I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s. . .....I.D.S._.R.B._.U.S.E.R.=........,.........[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. ...8.....I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.e.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. ..<.t. ........I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.C.E._.S.E.T.T.I.N.G. .=. .R.i.g.h.t. .B.a.c.k.u.p. .... ... .1...|.... .1... ...D... ........I.D.S._.S.H.O.W._.N.E.T.W.O.R.K._.D.R.I.V.E. .=. .$.....l. ..|.t... .
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):121564
                                                                                                                                                                                                                                                                          Entropy (8bit):4.885232391132364
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:/5npmmelrHbZ3e9PZHFhAz/5fuPwogxTX0wzr7R5Z:yB
                                                                                                                                                                                                                                                                          MD5:68EE3DA2D7CCD09FCCA9D13B018923EE
                                                                                                                                                                                                                                                                          SHA1:A76872ECE630E1A5B7563B0A5C8A2BA7B3581D47
                                                                                                                                                                                                                                                                          SHA-256:56752B72DADBC01B14069D7645381385D955FC4ED1BB196E0B9193818FD04BCC
                                                                                                                                                                                                                                                                          SHA-512:ED4DEB47451ED383CF9BFC16261835F654A03652E856E61EEDAAEF525FA7CE618F588A50367F4A15C1CB45F2D3C8016216576B25E7EC2BE838A242A9C1827E87
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. ..0.0.0.0.0.SQ0.0......I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s. . .....I.D.S._.R.B._.U.S.E.R.=..0.0.0.0n0.v.i........[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. ..Ow.U0.0f0D0~0Y0....I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.e.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. ...X0f0B}.NW0f0O0`0U0D0....I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.C.E._.S.E.T.T.I.N.G. .=. .R.i.g.h.t. .B.a.c.k.u.p. .L0..X0f0D0.0h0M0k0.0.0.0.0.0.0.0.0 ..0.0.0.0.0.0 ..0.0.0.0.0B}.NY0.0....I.D.S._.S.H.
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):886272
                                                                                                                                                                                                                                                                          Entropy (8bit):6.8527236409195655
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:4QOzN2/IHPxPbx8YwkbXFl8a6PifS8t7YncnfrDc2Z0dwMHs9nFNFGFOFwcGF6cE:HukIHPJKYLvFGifS8t7uczrfD
                                                                                                                                                                                                                                                                          MD5:9892E0D72EEDF3DA1CDCFDAC318D556C
                                                                                                                                                                                                                                                                          SHA1:D93A5A27C601F9EA5A7FC1E8F2AD594BCFD1DDC0
                                                                                                                                                                                                                                                                          SHA-256:AF7E21907304CCAD550B6CCDB02464CBC163FA0E222EAD0594570E70360212B4
                                                                                                                                                                                                                                                                          SHA-512:ECB975B161AEBE4FD5F37C15E87F7E3706B8418779D1FCDBF233F6B2DDAA7323CA755684E33D280CC29165587967942B428AFEC6F0C35D80B677837CC073D24C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:RIFF (little-endian) data, AVI, 136 x 136, 12.00 fps, video: uncompressed, audio: uncompressed PCM (stereo, 48000 Hz)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4298460
                                                                                                                                                                                                                                                                          Entropy (8bit):5.315518715849486
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:98304:VQworwmUcmz19DMaX0upudCDkZ20CQdMT:VQworwmUcmz19DMaX0upudCDkZ20CQdC
                                                                                                                                                                                                                                                                          MD5:352E47AB4633DB0E122CE8FB09F441E0
                                                                                                                                                                                                                                                                          SHA1:1DF2CDD9F1E2F6AC027571DEA9954C3CF9CD0AC3
                                                                                                                                                                                                                                                                          SHA-256:99C698C3E9F6088700C3DC52E873AF820D62164D15A8D0AE33458C1B4784CD56
                                                                                                                                                                                                                                                                          SHA-512:4FCF6820F81EBD16D99089F25D9073B0602793131E1AF5B8B52240674EE1DC1CAFEE6D07B0CBA91869748B5E8F396036E1B482F43DC62148FAFABF5C502C8A1D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):6809984
                                                                                                                                                                                                                                                                          Entropy (8bit):7.700271248385809
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:98304:akmNZAB8y+54DSir5+mSmC9zvsjaya7BQUdD92fKwfE/T:akmNKuOLNCBTJxdD92fg/T
                                                                                                                                                                                                                                                                          MD5:0E1DC3C18FD7BE48BDC6664E40705E1C
                                                                                                                                                                                                                                                                          SHA1:9970771751164BAEE9DB8E7503A3730D4A9233F0
                                                                                                                                                                                                                                                                          SHA-256:74A4B5D88F74B394C78E21578D1C59CCE0D0154E34A2E7F2CF3F6247F6AB0B7D
                                                                                                                                                                                                                                                                          SHA-512:EA5B39B2C400211D3BF2694E4F0551083D408A9B73D78B5F24DD143FFBE0A4C4B29FCF68BD12C04FE4E32548289612948AE1135FED615DE1649AFBA7E9C14ED8
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Right Backup\is-K8A67.tmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Right Backup\is-K8A67.tmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:RIFF (little-endian) data, AVI, 25 x 36, 24.00 fps, video: uncompressed
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):103936
                                                                                                                                                                                                                                                                          Entropy (8bit):2.0152752446532145
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:QszZ4LWaO74LWaO74LWaO74LPK4LPK4LPK4Ln4Ln4Ln4LW4LW4LW4G4G41aaqxKx:QszyhhhVVVkkkhhhtt0gg
                                                                                                                                                                                                                                                                          MD5:583B036CE812CD9DF8A6BBB8B7B3116C
                                                                                                                                                                                                                                                                          SHA1:9A4EA21E733D5C1F87F4B8B7FED46BC2F002CCEB
                                                                                                                                                                                                                                                                          SHA-256:60F4505028DD26E3FF5BBD86F6B3AD7B43A76616BD91D39AB95DA5535436FFA2
                                                                                                                                                                                                                                                                          SHA-512:8A87E5B1CBCF345B4C02EDD4FC10461ECC7D01AD69D7A134F3A8A6B7B9EF130C2766AB07D5D92B8D071989854C7BBF3D4C61CDC8AD48948DB05520BFAD0CBF24
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):458
                                                                                                                                                                                                                                                                          Entropy (8bit):5.539493123878471
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:tagXNuM2vDFnSvjEg83/DFnH+Ob4PJOKMNbargnVBvxu7Wr4PJOKMDxTpIJzqNW:tJXkMgJPZHOEXNbaEBD6EX19IQW
                                                                                                                                                                                                                                                                          MD5:2F73F2411DB8F68AD628C748C09374B6
                                                                                                                                                                                                                                                                          SHA1:069A3CB0B997A1190D1065FE9D34F53B1307D951
                                                                                                                                                                                                                                                                          SHA-256:3E5563EEAE6B65BDD690CB1215EDD7ECA2708702787442BF449AE7EACEEF08DA
                                                                                                                                                                                                                                                                          SHA-512:63F9C0FFAD3D11FF92ACB6883E3C4C97E350B25A90C07575202B252AA76E38D0193A26AB30493A8CF0F2CF7DDCEED1E7235C2A7F64D16F1F6525E7DDDF092E34
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.....[strings]..USERAPPDATAPATH={ApplicationData}\Systweak\Right Backup..USERREGISTRYDATAPATH=HKEY_CURRENT_USER\Software\Systweak\Right Backup\notifier..UPDATELINK= https://activate123.com/rightbackup/notifier/update.asp..BASEAPPLICATIONINSTALLPATH={ProgramFiles}\Right Backup\RightBackup.exe..INIUPDATECMDPARAM=loadvalues..JSONURL=https://activate123.com/rightbackup/notifier/notifier_rb.asp..USER_REG_NOTIFIER_PATH_WITHOUT_HIVE=Software\Systweak\Notifier
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF, CR line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):98896
                                                                                                                                                                                                                                                                          Entropy (8bit):4.918906775169864
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:PnJhaDYL/ud7Ki80vMKp7l8qHbJnRGid0I/VZVJ+nB8waDH8a7+hW1V/VesCax:SpT9AiUA1qc
                                                                                                                                                                                                                                                                          MD5:3BF453CD30BDCDA1018CC77A77C98F52
                                                                                                                                                                                                                                                                          SHA1:B4D6BB29A1DF3D78F8E12D81941D5CC8226775DC
                                                                                                                                                                                                                                                                          SHA-256:7D1E1DB1E0115503792DD396BD51120243FF282BB22525BFCC2627608E459DDE
                                                                                                                                                                                                                                                                          SHA-512:24B61DAF32CE0602FD49FA53ED0539987BBF340AB488B795F846E0A15E034C35B2A943AC7DB249D6AFEDD5BF5B4F6CBD002EBB5FF3CE3C5AB751DCE4BD69FE7F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. ...._/e.c......I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s. . .....I.D.S._.R.B._.U.S.E.R.=..\le.v(u7b........[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. ..S.O.b.v....I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.a.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. ....QsQ.....I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.C.E._.S.E.T.T.I.N.G. .=. .R.i.g.h.t. .B.a.c.k.u.p. .sQ..e...Q.T.S.Y.N.g.R....I.D.S._.S.H.O.W._.N.E.T.W.O.R.K._.D.R.I.V.E. .=. .>f:yQ..~q..RhV....I.D.S._.E.U.L.A. .=. .E.
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (460), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):184052
                                                                                                                                                                                                                                                                          Entropy (8bit):3.6633333642264008
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:PSzRIkQFghFaPQ1L5lzv09BngZ5rf+t6zzGhnwRdLYxZqAazXyCe7L2qL2ovkAL:UJ4gXVGhn4S+yV7iqiovkK
                                                                                                                                                                                                                                                                          MD5:CDF565B3391293E080B7435D276C2CC6
                                                                                                                                                                                                                                                                          SHA1:107358E2749EA15F89AD674072DD97985A3BAB59
                                                                                                                                                                                                                                                                          SHA-256:1DD9A368A222D24A3ED92F4B08C57469C00815686793C22DE51183916A96EB45
                                                                                                                                                                                                                                                                          SHA-512:106FC899BC589C0868AC58980D122AB46F26741B4828F61C5CAB33472F232FDDB148648EAC51168427D4861C4B1DACF607CE758FA12B6F91F60B455176B2F8BB
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. .O.b.t.e.n.g.a. .a.s.i.s.t.e.n.c.i.a. .t...c.n.i.c.a.:.....I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s. . .....I.D.S._.R.B._.U.S.E.R.=.E.s.t.i.m.a.d.o. .u.s.u.a.r.i.o.:.........[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. .P.r.o.t.e.g.i.d.o.....I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.e.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. .S.a.l.i.r. .a.l. .c.e.r.r.a.r.....I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.C.E._.S.E.T.T.I.N.G. .=. .S.a.l.g.a. .d.e.l. .s.e.r.v.i.c.i.o. .d.e. .
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (370), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):172504
                                                                                                                                                                                                                                                                          Entropy (8bit):3.727724874177151
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:w53ve4nUqa7EJZxOIxFv9P14nIXT1WqYt6z+Zh6cXZXXoQsRqrCYJ7qth87lhI:JEflZkv6ccYJ7qtK7lhI
                                                                                                                                                                                                                                                                          MD5:5796AF1458118080E25436AFDF6B36C0
                                                                                                                                                                                                                                                                          SHA1:DBB16A47734872BA8B438AC51C7654790193118C
                                                                                                                                                                                                                                                                          SHA-256:65EBA5BBF5BC95A4A38E68FEA5AFC04A830599E8B74E97F475DA1F1DC7AC220C
                                                                                                                                                                                                                                                                          SHA-512:25441A8BB0B0F25C4DD49AA8CE44DDB2251E9D0CB9A7F5FE5E7041F82A498919030CC795BD3D3C4D0BE667126051D377CC3F9070562319182846BB91C27878B5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. .O.b.t.e.n.h.a. .s.u.p.o.r.t.e.:.....I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s. . .....I.D.S._.R.B._.U.S.E.R.=.P.r.e.z.a.d.o. .u.s.u...r.i.o.,.........[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. .P.r.o.t.e.g.i.d.o.....I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.e.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. .S.a.i.r. .a.o. .F.e.c.h.a.r.....I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.C.E._.S.E.T.T.I.N.G. .=. .S.a.i.r. .d.o. .s.e.r.v.i...o. .d.e. .b.a.c.k.u.p. .e.m. .s.e.g.u.n.d.
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (399), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):161734
                                                                                                                                                                                                                                                                          Entropy (8bit):3.739082481024749
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:Xf2L5aAXK6Vb3+yzpJ+hz9Yws+xsuUbBNDE/j9BSfucf+gC2Q:ubRc
                                                                                                                                                                                                                                                                          MD5:24338882EC2E9435F3519EC38F59D7EB
                                                                                                                                                                                                                                                                          SHA1:658E4FBDABBC4438B7E93C7CDDA03BB99043DDC8
                                                                                                                                                                                                                                                                          SHA-256:147ECF825EE977954C6ACE31D0654AD0438AB54CCF100572D32B17ABB0E3D1CF
                                                                                                                                                                                                                                                                          SHA-512:3A6D1F2886F9E0B97A565A21B7D4E585ABF1FFBBD107520AC7953F763BC7A56FBC7EEBBF730B4A30AB06103281536316208DDDF78CB71DB169E09B30FFB3180D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. .F... .s.u.p.p.o.r.t.:.....I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s. . .....I.D.S._.R.B._.U.S.E.R.=.B...s.t.a. .a.n.v...n.d.a.r.e.........[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. .S.k.y.d.d.a.d.....I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.e.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. .A.v.s.l.u.t.a. .v.i.d. .n.e.d.s.t...n.g.n.i.n.g.....I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.C.E._.S.E.T.T.I.N.G. .=. .A.v.s.l.u.t.a. .B.a.c.k.g.r.o.u.n.d. .B.a.c.k.u.p.-.t.j...n.s.t.e.
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):970752
                                                                                                                                                                                                                                                                          Entropy (8bit):5.526118794552923
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:n7W4U08be2MMskFq0co5hVtCcTzlaBN0CyHDVfdcnjmFSxpzZ2hLx2bLbN7Go:n7JoMkFq0Ph38yCuJdDaV2hLx2bLbN7
                                                                                                                                                                                                                                                                          MD5:88F604C7E657738234B05A0AA8D1FDA0
                                                                                                                                                                                                                                                                          SHA1:F2B1D1E23DFC6CE1175B4E1CFC72DB92AD8AA595
                                                                                                                                                                                                                                                                          SHA-256:170998E8FC475DCEFA3A628FFA9CF3370F32A41EB01B9B2FC44B866C7D1692B0
                                                                                                                                                                                                                                                                          SHA-512:69D355A3F830A67990106A894D8375B456FEE94B00925E35F7FDA33C1E55A91CE9F6B2C22BA3264B0113E7312008088715597A599C522301C2B567BADC9EAF91
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3238784
                                                                                                                                                                                                                                                                          Entropy (8bit):6.352870375224507
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:uWGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTb/3334c:itLutqgwh4NYxtJpkxhGM333v
                                                                                                                                                                                                                                                                          MD5:C587F58BA1C48D1EF273A4B9F9E1CEAC
                                                                                                                                                                                                                                                                          SHA1:CE24A024B22FDF294ED2192EF99EFBF44B151149
                                                                                                                                                                                                                                                                          SHA-256:2AD05D46E948F8614D07E02920C0CA97C08162DA50F1DF75DC429CA13FF91001
                                                                                                                                                                                                                                                                          SHA-512:78681D1F030A7985A23CCD3BE9FD49644C5F2D38E9DEB70E208593471537A16229E06341BA8BD65F2F7616505B1BC4F3ACFFFD2D5153C832949BA61847667773
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2512768
                                                                                                                                                                                                                                                                          Entropy (8bit):7.365157854805799
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:czPelj5WFP0zOxTjUC6cEvQ1IAT+F1gESu66a5:ca3WFP0KxTjUC7EvsGb6j
                                                                                                                                                                                                                                                                          MD5:4318680CD2C6C1B58EB3689AFB2B257D
                                                                                                                                                                                                                                                                          SHA1:4A72B5A6BDB17A70AF84749657F521CA8C7B7C84
                                                                                                                                                                                                                                                                          SHA-256:D1BCBEA0E7314A7626E6CDC3D1F8B21C211BA82FE4CC744DC906D011FB520C7C
                                                                                                                                                                                                                                                                          SHA-512:F6E548E0C6101F6C23656852B7C1FEC184155AFDDB84DA6FC51590C3DF3186AC736D2540B9632B6F83007BDB1DEC43A6176C7629BA2DA8D97A5EF7554C87A4FE
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Right Backup\is-RSVNH.tmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Right Backup\is-RSVNH.tmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1871872
                                                                                                                                                                                                                                                                          Entropy (8bit):5.291782870548396
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:tXp5Y9VOANZ31QRGZDiUj4cCM5tuR+8w7:a990WcPg8w
                                                                                                                                                                                                                                                                          MD5:D00E478FEC3A14900132B4D1736164BC
                                                                                                                                                                                                                                                                          SHA1:C9BD6E5CAA934AFAF1C8FB5B420825ED921E85D6
                                                                                                                                                                                                                                                                          SHA-256:528C5281FF2ED232E4EC7B173433B72CF2F9468036C723798C2742D779BDD22C
                                                                                                                                                                                                                                                                          SHA-512:0A8CCB387B76A519F490B13A6FBB5EE0ADF4E5CEF2E30CBA03B749EDC12C5F03AC59A39F2013A7A17CAF4B1774D0D30D597C804C68E0B5FE64CB0DBA1E4D31AA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (374), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):173728
                                                                                                                                                                                                                                                                          Entropy (8bit):3.711312251169772
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:JxXo1Q3sMrvqLXZ1tXgTxFKysmi3JSDVFmRqbGhQyYMZ05nt6zfnv4w9eHwN2vSV:FT60RFmnvnv4wkQNgo4qjKm
                                                                                                                                                                                                                                                                          MD5:4EFB5E9204C9C20C9C377943DE239034
                                                                                                                                                                                                                                                                          SHA1:A1E59B4AA72A4DEE926376D6086D2E7BD8C6F01E
                                                                                                                                                                                                                                                                          SHA-256:388A5C980E85A36D2F28C112323D048B93DBF2A6061EA3F42EADAFD6DBBF5C01
                                                                                                                                                                                                                                                                          SHA-512:7D5BDA5A08847700F76840B7C1407C8CCD0BA0CFDA563A3F45A2E8D2A22D53267B4CBC8F2EBA114C3DA5E1B14A3FC0FE9B3B480CE07AD8C4E970CEF7048DEF3E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:......[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. .O.b.t.e.n.h.a. .S.u.p.o.r.t.e.:.....I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s. . .....I.D.S._.R.B._.U.S.E.R.=.E.s.t.i.m.a.d.o. .U.t.i.l.i.z.a.d.o.r.........[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. .P.r.o.t.e.g.i.d.a.....I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.e.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. .S.a.i.r. .a.o. .f.e.c.h.a.r.....I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.C.E._.S.E.T.T.I.N.G. .=. .S.a.i.r. .d.o. .s.e.r.v.i...o. .d.e. .b.a.c.k.u.p. .e.m. .s.
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):115200
                                                                                                                                                                                                                                                                          Entropy (8bit):5.874332503946121
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:cPHDZDQRUZiXFlbUqdRwxz+jBQu2q9jcvJH0:cPHDZkRUYXXbU44
                                                                                                                                                                                                                                                                          MD5:C757150E058428E2A0757701930C223C
                                                                                                                                                                                                                                                                          SHA1:AA162301C63621214581792B8FDE77ADF42E124C
                                                                                                                                                                                                                                                                          SHA-256:E3D4A237487E2DCD925C84559957473692BF04CD59B5F95748594345A047231E
                                                                                                                                                                                                                                                                          SHA-512:C7763F4558460092989DD393C4FEBC220E3FB5B9B13EB4AD4041623BFB527F887C09E39B5AA6C529412F6C9FA837155AE3D5D8D959211CB1452D4B4ED3966F06
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):471936
                                                                                                                                                                                                                                                                          Entropy (8bit):7.397257431205326
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:PtYURNO9P7mMWoK3hrb7PHftyfALprklsuTrOfg5j7rwFuZh2fyXoSyN8CEN:PtHjO5Qn3IVss3/Vr2fGDua
                                                                                                                                                                                                                                                                          MD5:E3EDEEE8F3B5C66ED697C231F0DDB056
                                                                                                                                                                                                                                                                          SHA1:79ABB1C470BA7C3B64EEFDA62F197C445BFEC019
                                                                                                                                                                                                                                                                          SHA-256:3FB58C704599A0C1D74172D80CE8E78DA3615F24955B9D0B797928EA71DCE9DC
                                                                                                                                                                                                                                                                          SHA-512:358D2C5FEB4CE08C7C2DE5687C403B9B036CE252B7BA35FBFA995A1FF44B84FEAD98F32CAA53B97BC2263B34028A989FC0A97D3C3BF9E09A945F061153F28B06
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Right Backup\is-UGSPB.tmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (400), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):174402
                                                                                                                                                                                                                                                                          Entropy (8bit):3.8721122801314274
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:XE9aoziisgQx+mBOzYdF5YDlWVpcW/sBxGLnKE7ceda6JHbY61R73zS3tvVLM5nH:UoQfzdobEVSmv4EYb7
                                                                                                                                                                                                                                                                          MD5:FB82B7F763CC6AC5410DD76B1094A661
                                                                                                                                                                                                                                                                          SHA1:72E6FC3CF28DD2C5E640D8DD564484D696AB6834
                                                                                                                                                                                                                                                                          SHA-256:7B747F6C44A5E2DC09302863B75AD6AEC289648B3A110C88B7610FF259C4F3D9
                                                                                                                                                                                                                                                                          SHA-512:39C1D366A26CCD0A3AD0ED6BC481D3FC4B5F79BE623E155FB079EA12AE0B799796CC629FEA3C10B3F834889E03E7B472B3EB8B04B84E996972C75527629B3DAE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):667648
                                                                                                                                                                                                                                                                          Entropy (8bit):5.660787270041257
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:V6yMr1GyFfYI+9XpmXQqeng4HyWgRZuvuSzJTemyuFV3ovUJAgq04/pB6FAXZfJI:V67rFfYI+9Xpm+ngpWj2GmXI1xp
                                                                                                                                                                                                                                                                          MD5:5B7BD8F5F22917C449E16AE4B64AB7A2
                                                                                                                                                                                                                                                                          SHA1:5A4F9A204AE11330975D4AA5A9C3E8FDC493B1F2
                                                                                                                                                                                                                                                                          SHA-256:0848A7A4B79D05C16C03EE8A8F140A909CED55B22A4B037387E9584E863DC971
                                                                                                                                                                                                                                                                          SHA-512:E476EEB4B722132D943A182F487A28AE6CC57A30B887A1E2831E2EC2782087A7742B914932736EA84E482BC8FFC3B82D480100C3909BA43293B55426F3DBC788
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (431), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):189044
                                                                                                                                                                                                                                                                          Entropy (8bit):4.424518380052606
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:vzlUFWki679Tgt65rZGK/Xw8Q64sXF+qX3jFksDiAqETDqh7H2:yLF/XwnlWDD
                                                                                                                                                                                                                                                                          MD5:0E37946883D1F53B30607754ABED5A89
                                                                                                                                                                                                                                                                          SHA1:8B25A25276AFA4037DC30BBF59C1B9D3812FF508
                                                                                                                                                                                                                                                                          SHA-256:652259169A657A3C17C82E2506355FD7708EB5DF381BCCE1E76CAF8C1067E3BF
                                                                                                                                                                                                                                                                          SHA-512:1D66B4C0C229EFE653E85A73240AEB12B255068965A03A885AD90D664BE689553B60C07161610EBC28CAD1DE1D99EFF3174333268EF220CC97E157143473D7D8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (400), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):168056
                                                                                                                                                                                                                                                                          Entropy (8bit):3.68985698988155
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:GxLv2Fs4kzZVYR/GE64wl7zBaxbwNaZh43Aog50h3svts3iW8cDBpX1eQwf:6W0Mm3sv8QQwf
                                                                                                                                                                                                                                                                          MD5:D33454B66766DAA88BE9F4CA5A4AD373
                                                                                                                                                                                                                                                                          SHA1:A9FDEB8DA3833056677D374B5652E1ED350381F4
                                                                                                                                                                                                                                                                          SHA-256:9C923882578B440B7CA71F9E63F7953093C9C9EF1AFAEB5624699E832DDFDE12
                                                                                                                                                                                                                                                                          SHA-512:96952195D3E27CCD19E9BA9DBF56A1F0FF7661D50A1E09380448BC60F25693D3B1F37F57FF781372DF58283823F48BB8A1A1E10F1824FA3ED58133BC758154A7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):121564
                                                                                                                                                                                                                                                                          Entropy (8bit):4.885232391132364
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:/5npmmelrHbZ3e9PZHFhAz/5fuPwogxTX0wzr7R5Z:yB
                                                                                                                                                                                                                                                                          MD5:68EE3DA2D7CCD09FCCA9D13B018923EE
                                                                                                                                                                                                                                                                          SHA1:A76872ECE630E1A5B7563B0A5C8A2BA7B3581D47
                                                                                                                                                                                                                                                                          SHA-256:56752B72DADBC01B14069D7645381385D955FC4ED1BB196E0B9193818FD04BCC
                                                                                                                                                                                                                                                                          SHA-512:ED4DEB47451ED383CF9BFC16261835F654A03652E856E61EEDAAEF525FA7CE618F588A50367F4A15C1CB45F2D3C8016216576B25E7EC2BE838A242A9C1827E87
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):114356
                                                                                                                                                                                                                                                                          Entropy (8bit):4.908719537766586
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:sp7SV0RmMlkg+GpnFgbkKnjBbQAKEJgkra0cwTeMOHQRdSnmTgDg+gqaJ5NCudO:j9cmKi7PCudO
                                                                                                                                                                                                                                                                          MD5:FA644B75483069D945A27F3F40F376C5
                                                                                                                                                                                                                                                                          SHA1:C3C7C76E559037C11145C95B56CA83355321359D
                                                                                                                                                                                                                                                                          SHA-256:8B68C83FD3518136711085692B3469C3C32FC599BE9671C88BE54AD158624274
                                                                                                                                                                                                                                                                          SHA-512:C15252DB14CB3FB9E003755D6615EA4318E0270306AD91A1C294B656C22FBD9E798AAD773EC62247459240C8B37EDBC16FFF06420FC3D1E44A9AB16B99AD344E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. ..... ...0.:.....I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s. . .....I.D.S._.R.B._.U.S.E.R.=........,.........[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. ...8.....I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.e.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. ..<.t. ........I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.C.E._.S.E.T.T.I.N.G. .=. .R.i.g.h.t. .B.a.c.k.u.p. .... ... .1...|.... .1... ...D... ........I.D.S._.S.H.O.W._.N.E.T.W.O.R.K._.D.R.I.V.E. .=. .$.....l. ..|.t... .
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:RIFF (little-endian) data, AVI, 25 x 36, 24.00 fps, video: uncompressed
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):103936
                                                                                                                                                                                                                                                                          Entropy (8bit):2.0152752446532145
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:QszZ4LWaO74LWaO74LWaO74LPK4LPK4LPK4Ln4Ln4Ln4LW4LW4LW4G4G41aaqxKx:QszyhhhVVVkkkhhhtt0gg
                                                                                                                                                                                                                                                                          MD5:583B036CE812CD9DF8A6BBB8B7B3116C
                                                                                                                                                                                                                                                                          SHA1:9A4EA21E733D5C1F87F4B8B7FED46BC2F002CCEB
                                                                                                                                                                                                                                                                          SHA-256:60F4505028DD26E3FF5BBD86F6B3AD7B43A76616BD91D39AB95DA5535436FFA2
                                                                                                                                                                                                                                                                          SHA-512:8A87E5B1CBCF345B4C02EDD4FC10461ECC7D01AD69D7A134F3A8A6B7B9EF130C2766AB07D5D92B8D071989854C7BBF3D4C61CDC8AD48948DB05520BFAD0CBF24
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (372), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):158328
                                                                                                                                                                                                                                                                          Entropy (8bit):3.7239867149010415
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:yVmz8zBeFZ3a+Y38HzD6ZQNQnkQYIBsVPBdbqCdzD62Fu9LGIj2imAkT+YObUlxV:h
                                                                                                                                                                                                                                                                          MD5:0735DA7E11DAD4DC8085E66CF10A9C3D
                                                                                                                                                                                                                                                                          SHA1:3F3672800084AC4040AF3756F2E7BAD2566769DE
                                                                                                                                                                                                                                                                          SHA-256:E4F0D9E0F2AB82F04BB7830C4A97F14F8AD0BFD61C46F10726880F3DDF6E2294
                                                                                                                                                                                                                                                                          SHA-512:C525902BFE65BFBFBA02AEACA9496FD88F1C4D29197304CB6532AF00CF0F429C60F3FBBC5293D224EEE6D5911B66FC106DF33F803050F69E67AAF76D8302CECC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. .B.r.u.k.e.r.s.t...t.t.e.:.....I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s. . .....I.D.S._.R.B._.U.S.E.R.=.K.j...r.e. .b.r.u.k.e.r.........[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. .B.e.s.k.y.t.t.e.t.....I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.e.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. .A.v.s.l.u.t.t. .v.e.d. .l.u.k.k.i.n.g.....I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.C.E._.S.E.T.T.I.N.G. .=. .A.v.s.l.u.t.t. .B.a.c.k.g.r.o.u.n.d. .B.a.c.k.u.p.-.t.j.e.n.e.s.t.e.n. .n.
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):458
                                                                                                                                                                                                                                                                          Entropy (8bit):5.539493123878471
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:tagXNuM2vDFnSvjEg83/DFnH+Ob4PJOKMNbargnVBvxu7Wr4PJOKMDxTpIJzqNW:tJXkMgJPZHOEXNbaEBD6EX19IQW
                                                                                                                                                                                                                                                                          MD5:2F73F2411DB8F68AD628C748C09374B6
                                                                                                                                                                                                                                                                          SHA1:069A3CB0B997A1190D1065FE9D34F53B1307D951
                                                                                                                                                                                                                                                                          SHA-256:3E5563EEAE6B65BDD690CB1215EDD7ECA2708702787442BF449AE7EACEEF08DA
                                                                                                                                                                                                                                                                          SHA-512:63F9C0FFAD3D11FF92ACB6883E3C4C97E350B25A90C07575202B252AA76E38D0193A26AB30493A8CF0F2CF7DDCEED1E7235C2A7F64D16F1F6525E7DDDF092E34
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.....[strings]..USERAPPDATAPATH={ApplicationData}\Systweak\Right Backup..USERREGISTRYDATAPATH=HKEY_CURRENT_USER\Software\Systweak\Right Backup\notifier..UPDATELINK= https://activate123.com/rightbackup/notifier/update.asp..BASEAPPLICATIONINSTALLPATH={ProgramFiles}\Right Backup\RightBackup.exe..INIUPDATECMDPARAM=loadvalues..JSONURL=https://activate123.com/rightbackup/notifier/notifier_rb.asp..USER_REG_NOTIFIER_PATH_WITHOUT_HIVE=Software\Systweak\Notifier
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):682368
                                                                                                                                                                                                                                                                          Entropy (8bit):7.174111682851083
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:WqNgd5StPTgtWoU9GlLsb7GOYAcDx0BliBeDXgUyoB:tyf+0tMIM/cD26BeDCoB
                                                                                                                                                                                                                                                                          MD5:1CA95C012774A2A2FF475E56AC0A96BB
                                                                                                                                                                                                                                                                          SHA1:1774E84D93BC9FE801BEE73A2A54608D33C1C0A6
                                                                                                                                                                                                                                                                          SHA-256:C2CA3920534AD98411CFDD1D39B9E94639FB789DE9B17B1D715AD50EDD0810C4
                                                                                                                                                                                                                                                                          SHA-512:63172C6FCC2033722E42E67EB95F8F66378545C4FB9D5EDA0FCFFB8A0DBC1578E5B721488CD7CB26B60B848D20E6993C0E64690E9021EB3A503C16FD208D46A6
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (400), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):174402
                                                                                                                                                                                                                                                                          Entropy (8bit):3.8721122801314274
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:XE9aoziisgQx+mBOzYdF5YDlWVpcW/sBxGLnKE7ceda6JHbY61R73zS3tvVLM5nH:UoQfzdobEVSmv4EYb7
                                                                                                                                                                                                                                                                          MD5:FB82B7F763CC6AC5410DD76B1094A661
                                                                                                                                                                                                                                                                          SHA1:72E6FC3CF28DD2C5E640D8DD564484D696AB6834
                                                                                                                                                                                                                                                                          SHA-256:7B747F6C44A5E2DC09302863B75AD6AEC289648B3A110C88B7610FF259C4F3D9
                                                                                                                                                                                                                                                                          SHA-512:39C1D366A26CCD0A3AD0ED6BC481D3FC4B5F79BE623E155FB079EA12AE0B799796CC629FEA3C10B3F834889E03E7B472B3EB8B04B84E996972C75527629B3DAE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. .U.z.y.s.k.a.j. .p.o.m.o.c. .t.e.c.h.n.i.c.z.n...:.....I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s. . .....I.D.S._.R.B._.U.S.E.R.=.S.z.a.n.o.w.n.y. .U.|.y.t.k.o.w.n.i.k.u.........[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. .C.h.r.o.n.i.o.n.y.....I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.e.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. .W.y.j.d.z. .p.o. .z.a.m.k.n.i...c.i.u.....I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.C.E._.S.E.T.T.I.N.G. .=. .W.y.j.d.z. .z. .u.s.B.u.g.i. .t.w.
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (370), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):172504
                                                                                                                                                                                                                                                                          Entropy (8bit):3.727724874177151
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:w53ve4nUqa7EJZxOIxFv9P14nIXT1WqYt6z+Zh6cXZXXoQsRqrCYJ7qth87lhI:JEflZkv6ccYJ7qtK7lhI
                                                                                                                                                                                                                                                                          MD5:5796AF1458118080E25436AFDF6B36C0
                                                                                                                                                                                                                                                                          SHA1:DBB16A47734872BA8B438AC51C7654790193118C
                                                                                                                                                                                                                                                                          SHA-256:65EBA5BBF5BC95A4A38E68FEA5AFC04A830599E8B74E97F475DA1F1DC7AC220C
                                                                                                                                                                                                                                                                          SHA-512:25441A8BB0B0F25C4DD49AA8CE44DDB2251E9D0CB9A7F5FE5E7041F82A498919030CC795BD3D3C4D0BE667126051D377CC3F9070562319182846BB91C27878B5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[.c.o.n.s.t.a.n.t.s.].....I.D.S._.L.I.V.E._.P.H.O.N.E.=.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E.=.+.1.(.8.0.0.). .8.7.1.-.7.9.1.8.....I.D.S._.L.I.V.E._.P.H.O.N.E._.1.=.".".....I.D.S._.L.I.V.E._.I.N.T.E.R.N.A.T.I.O.N.A.L._.P.H.O.N.E._.1.=.".".....I.D.S._.D.U._.A.P.P._.N.A.M.E.=.R.i.g.h.t. .B.a.c.k.u.p.....I.D.S._.G.E.T._.S.U.P.P.O.R.T. .=. .O.b.t.e.n.h.a. .s.u.p.o.r.t.e.:.....I.D.S._.G.E.T._.S.U.P.P.O.R.T._.1. .=.....I.D.S._.O.S._.D.E.T.E.C.T.E.D.=.W.i.n.d.o.w.s. . .....I.D.S._.R.B._.U.S.E.R.=.P.r.e.z.a.d.o. .u.s.u...r.i.o.,.........[.R.B.A.C.K.U.P._.S.T.R.I.N.G.S.].........I.D.S._.P.R.O.T.E.C.T.E.D. .=. .P.r.o.t.e.g.i.d.o.....I.D.S._.P.R.O.D._.R.E.C._.S.E.T.T.I.N.G. .=. .S.h.o.w. .o.t.h.e.r. .p.r.o.d.u.c.t. .r.e.c.o.m.m.e.n.d.a.t.i.o.n.s.....I.D.S._.E.X.I.T._.S.E.T.T.I.N.G. .=. .S.a.i.r. .a.o. .F.e.c.h.a.r.....I.D.S._.E.X.I.T._.B.K.S.E.R.V.I.C.E._.S.E.T.T.I.N.G. .=. .S.a.i.r. .d.o. .s.e.r.v.i...o. .d.e. .b.a.c.k.u.p. .e.m. .s.e.g.u.n.d.
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (374), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):173728
                                                                                                                                                                                                                                                                          Entropy (8bit):3.711312251169772
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:JxXo1Q3sMrvqLXZ1tXgTxFKysmi3JSDVFmRqbGhQyYMZ05nt6zfnv4w9eHwN2vSV:FT60RFmnvnv4wkQNgo4qjKm
                                                                                                                                                                                                                                                                          MD5:4EFB5E9204C9C20C9C377943DE239034
                                                                                                                                                                                                                                                                          SHA1:A1E59B4AA72A4DEE926376D6086D2E7BD8C6F01E
                                                                                                                                                                                                                                                                          SHA-256:388A5C980E85A36D2F28C112323D048B93DBF2A6061EA3F42EADAFD6DBBF5C01
                                                                                                                                                                                                                                                                          SHA-512:7D5BDA5A08847700F76840B7C1407C8CCD0BA0CFDA563A3F45A2E8D2A22D53267B4CBC8F2EBA114C3DA5E1B14A3FC0FE9B3B480CE07AD8C4E970CEF7048DEF3E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (441), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):171070
                                                                                                                                                                                                                                                                          Entropy (8bit):4.23978230342421
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:mNziasdVJfQreOuMP9NI0VcaGuXSiwAiGQTjVETlREPs+VxH:7OGLEo/VxH
                                                                                                                                                                                                                                                                          MD5:1C716BD476E366FC345616E7A03C1624
                                                                                                                                                                                                                                                                          SHA1:2E87D6BFCAD804C64DA814B4393442FCE58CEFA2
                                                                                                                                                                                                                                                                          SHA-256:61E012506FEB820C3B3DE9357791CF36DCB1E65934324C848AD3795D0371CB00
                                                                                                                                                                                                                                                                          SHA-512:5D9409FF56039A81D6C04BE03AC334775DB946F2EB463247B4CEB53633B4B80060F05192E2BB948A468E278B19A8E3E05B34DE85F23EB136367B9B06CF0400FE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (460), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):184052
                                                                                                                                                                                                                                                                          Entropy (8bit):3.6633333642264008
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:PSzRIkQFghFaPQ1L5lzv09BngZ5rf+t6zzGhnwRdLYxZqAazXyCe7L2qL2ovkAL:UJ4gXVGhn4S+yV7iqiovkK
                                                                                                                                                                                                                                                                          MD5:CDF565B3391293E080B7435D276C2CC6
                                                                                                                                                                                                                                                                          SHA1:107358E2749EA15F89AD674072DD97985A3BAB59
                                                                                                                                                                                                                                                                          SHA-256:1DD9A368A222D24A3ED92F4B08C57469C00815686793C22DE51183916A96EB45
                                                                                                                                                                                                                                                                          SHA-512:106FC899BC589C0868AC58980D122AB46F26741B4828F61C5CAB33472F232FDDB148648EAC51168427D4861C4B1DACF607CE758FA12B6F91F60B455176B2F8BB
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (399), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):161734
                                                                                                                                                                                                                                                                          Entropy (8bit):3.739082481024749
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:Xf2L5aAXK6Vb3+yzpJ+hz9Yws+xsuUbBNDE/j9BSfucf+gC2Q:ubRc
                                                                                                                                                                                                                                                                          MD5:24338882EC2E9435F3519EC38F59D7EB
                                                                                                                                                                                                                                                                          SHA1:658E4FBDABBC4438B7E93C7CDDA03BB99043DDC8
                                                                                                                                                                                                                                                                          SHA-256:147ECF825EE977954C6ACE31D0654AD0438AB54CCF100572D32B17ABB0E3D1CF
                                                                                                                                                                                                                                                                          SHA-512:3A6D1F2886F9E0B97A565A21B7D4E585ABF1FFBBD107520AC7953F763BC7A56FBC7EEBBF730B4A30AB06103281536316208DDDF78CB71DB169E09B30FFB3180D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with very long lines (380), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):161692
                                                                                                                                                                                                                                                                          Entropy (8bit):3.8650337131984847
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:vCLLS6vxFHTZERWQA/DTBn3Py2ubcG/yxQSR4kug/4KCP/vjPhTzR1zlIwsr+F76:ju
                                                                                                                                                                                                                                                                          MD5:4D0A76CA9640A6F1B1236237ADFF7D2F
                                                                                                                                                                                                                                                                          SHA1:EBE6D1787E010419CB9DF955B2E3561F9657A4A6
                                                                                                                                                                                                                                                                          SHA-256:7CF929EFA4367D9129D7C4CF25E12AD5CF6AA7A85BE40961556FA93B710C44BA
                                                                                                                                                                                                                                                                          SHA-512:8977095AB2B674918BCBBFD8F9245184EB6F1AB9A82E14B41318DBE446B1B389B0EA2C0A416D5F8B8FA8CC78547623F7FDD1528DB4211902B4DEFFBEA3B01A7A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:InnoSetup Log Right Backup, version 0x418, 153583 bytes, 701188\37\user\37, C:\Program Files (x86)\Right Backup\376\37
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):153583
                                                                                                                                                                                                                                                                          Entropy (8bit):3.8022381421672398
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:c7Bu8oMzRJzRf1WAWaFwPVGFbfvIu1HXW5GYSXMJN7/7HQzw7sH+sNmtcK:iBDoMzRJzR7WaFwPVGFb3Iu13EGY4IcK
                                                                                                                                                                                                                                                                          MD5:20A75001E8675D22D7D6BA5F4E61F1CD
                                                                                                                                                                                                                                                                          SHA1:BF24B27AC97B0EFA67B390B403E64F915428667E
                                                                                                                                                                                                                                                                          SHA-256:13D7660B12DDCC366E3A5E1A964BF662D466441E38BFE8A850C244EC7A4F035E
                                                                                                                                                                                                                                                                          SHA-512:501C97916BA925BAC5AB4C9B413BE44A5D4207A0190190916CA0A2ACBDA8A8D96B249095FA2AE7BF1DE2582C5E120FB670111E17014BEE58F6B60AAD7E19B1B3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3238784
                                                                                                                                                                                                                                                                          Entropy (8bit):6.352870375224507
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:uWGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTb/3334c:itLutqgwh4NYxtJpkxhGM333v
                                                                                                                                                                                                                                                                          MD5:C587F58BA1C48D1EF273A4B9F9E1CEAC
                                                                                                                                                                                                                                                                          SHA1:CE24A024B22FDF294ED2192EF99EFBF44B151149
                                                                                                                                                                                                                                                                          SHA-256:2AD05D46E948F8614D07E02920C0CA97C08162DA50F1DF75DC429CA13FF91001
                                                                                                                                                                                                                                                                          SHA-512:78681D1F030A7985A23CCD3BE9FD49644C5F2D38E9DEB70E208593471537A16229E06341BA8BD65F2F7616505B1BC4F3ACFFFD2D5153C832949BA61847667773
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:InnoSetup messages, version 6.0.0, 261 messages (UTF-16), Cancel installation
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):24089
                                                                                                                                                                                                                                                                          Entropy (8bit):3.274636739479082
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:r1EjNSCkf3SCqsTr6CCPanAG1GznL7VF+Iqfc51USQDztXfbKJG/BfvK:r1EK6CHr6f5X+7Q1USQDztB/B3K
                                                                                                                                                                                                                                                                          MD5:3001036885BCF64987510AA846BC6751
                                                                                                                                                                                                                                                                          SHA1:BCB03B4530E74F8AA94E1FA0FEBA7A728CA8ACEE
                                                                                                                                                                                                                                                                          SHA-256:4D726D642F89B603B74ABF22F38DAFE368654AFBEB151835C33D8B9D2FB6FD03
                                                                                                                                                                                                                                                                          SHA-512:DBBFD71320FFAF891468342B39CEDB706F8663410ECBC4A9207A0BCCCEB433AB53E77D9F339E182FC8BC406AD1FC5DE9F2C844188302C373139908368ED2B669
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1310720
                                                                                                                                                                                                                                                                          Entropy (8bit):0.8307474229450007
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:gJhkM9gB0CnCm0CQ0CESJPB9JbJQfvcso0l1T4MfzzTi1FjIIXYvjbglQdmHDugi:gJjJGtpTq2yv1AuNZRY3diu8iBVqF0
                                                                                                                                                                                                                                                                          MD5:4E46486CBA609E8BE8A617834A3BA0C9
                                                                                                                                                                                                                                                                          SHA1:BE7F46BF6C4EEFFFD0F078DC25E00E6CCC2F9475
                                                                                                                                                                                                                                                                          SHA-256:5D577E486F26994BB7466BE31AC56194B3C998E6832D241B33DAD3BCAC9508FF
                                                                                                                                                                                                                                                                          SHA-512:6D7D4E3870FA3825DB9106F2AAC0741211A49C2B76EDB939ADE725B3CFE2CCAC7F6006284A9FD7D9519B1A75BBB8A1748D9C5F01D8A1EE7E46B5F2877CB82119
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:...M........@..@.-...{5..;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................4..........E.[.rXrX.#.........`h.................h.5.......3.....X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                          File Type:Extensible storage engine DataBase, version 0x620, checksum 0xbe3d1c7e, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1310720
                                                                                                                                                                                                                                                                          Entropy (8bit):0.6586125692064942
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:RSB2ESB2SSjlK/rv5rO1T1B0CZSJRYkr3g16P92UPkLk+kAwI/0uzn10M1Dn/di6:Raza9v5hYe92UOHDnAPZ4PZf9h/9h
                                                                                                                                                                                                                                                                          MD5:B8CD9F9123003B2DDFE1C5075EB0AB22
                                                                                                                                                                                                                                                                          SHA1:2E8BDDC0AD120560CB8D873DB79D0EA496370B88
                                                                                                                                                                                                                                                                          SHA-256:6C997392B32AED28DE7D1D6C61382145D72434F093F80AC4A03150B5E53E8DA1
                                                                                                                                                                                                                                                                          SHA-512:496392E34A5507C2E60F41C80C3B3FAF39F08B58D8820D3749B75C8616537B7B137662861FA2AF400619A8B590AA0F0DF8CB5DC9D33BB3EED574D85C42B8D36A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                                                                                                                          Entropy (8bit):0.0814810015409336
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:28YeKb3QzGuAJkhvekl1EUroXllollrekGltll/SPj:9za8rxl+UroAJe3l
                                                                                                                                                                                                                                                                          MD5:978F198343632C796D4797500A4A10C4
                                                                                                                                                                                                                                                                          SHA1:3AD69F95F66871B03BFFFFB211B21558936CCE8E
                                                                                                                                                                                                                                                                          SHA-256:B8B5D0A3A5C6ECB7840D1D240552669840D69A6150E0DD9BFEEDF746946B2024
                                                                                                                                                                                                                                                                          SHA-512:55FD241E81583C5D58CDFD7B59EC4CB632CCFF9C93744F6D9AE75820B69D49274B46D001C486526525D8EB81218A7560BCCAA9F0D2C55ACF0F1B6E53451D0C27
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Apr 18 22:33:17 2024, mtime=Thu Apr 18 22:33:17 2024, atime=Wed Jul 12 16:39:26 2023, length=6809984, window=hide
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1141
                                                                                                                                                                                                                                                                          Entropy (8bit):4.657531659613668
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:8mvlk2/cREcdOEUMCgr31LAMAd3VZd3PUU1lpHqygm:8mDcOcdOur318MAd3VZd38Olsyg
                                                                                                                                                                                                                                                                          MD5:7EED3C35F8E8BEB2E9087C7E207637F1
                                                                                                                                                                                                                                                                          SHA1:56468D5F660A4B4CC9E306168947BA80D95C2623
                                                                                                                                                                                                                                                                          SHA-256:1CD33C13625AB7A7E0EC074A782E2A97B4DE9FD5E8CD0E15F1F4F4890408A294
                                                                                                                                                                                                                                                                          SHA-512:1DF9036BA04407E77F73CDA896F1E0B7263B0F8BEFAE6CA9D29A054C0AD2D73BB8105241C68138CF41D9C326CD8C761DD0371EE337BDE9806A9E69A60A794117
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:L..................F.... .....-......z......\......g..........................P.O. .:i.....+00.../C:\.....................1......X....PROGRA~2.........O.I.X......................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....b.1......X*...RIGHTB~1..J......X)..X*.....*........................R.i.g.h.t. .B.a.c.k.u.p.....l.2...g..V. .RIGHTB~1.EXE..P......X)..X)...............................R.i.g.h.t.B.a.c.k.u.p...e.x.e.......b...............-.......a...........9..p.....C:\Program Files (x86)\Right Backup\RightBackup.exe..B.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.R.i.g.h.t. .B.a.c.k.u.p.\.R.i.g.h.t.B.a.c.k.u.p...e.x.e.#.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.R.i.g.h.t. .B.a.c.k.u.p.........*................@Z|...K.J.........`.......X.......701188...........hT..CrF.f4... .b.2=.b...,...W..hT..CrF.f4... .b.2=.b...,...W..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Apr 18 22:33:17 2024, mtime=Thu Apr 18 22:33:17 2024, atime=Thu Apr 18 22:32:56 2024, length=3238784, window=hide
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1126
                                                                                                                                                                                                                                                                          Entropy (8bit):4.682648089976249
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:8m3l18IEi2dOEUMCg/NT6yAdl6d3pd2d3PUU1lpDqygm:8m3l18bDdOu/NTidwd3pd2d38Oloyg
                                                                                                                                                                                                                                                                          MD5:4EC380885E9603649F664F31E943623B
                                                                                                                                                                                                                                                                          SHA1:14C9D4EF6728CEF13E46ABA306529EA532FE2C34
                                                                                                                                                                                                                                                                          SHA-256:8491986DC2C944382C5E8A456FD9D2D912D10F7840484011AD5C6895248B54E3
                                                                                                                                                                                                                                                                          SHA-512:CF5DE40CEFDC8ED8D6C90ABFDF92B83F8F22EBD1410830BDEF8298912914873446DD66BE58A284AF423291AEF063D73C60EDB2C559020AEAD79F728B92B06901
                                                                                                                                                                                                                                                                          Malicious:false
Preview:(binary shortcut data; target C:\Program Files (x86)\Right Backup\unins000.exe, working directory C:\Program Files (x86)\Right Backup)
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):11264
                                                                                                                                                                                                                                                                          Entropy (8bit):7.929354662501114
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:ALMo0CuhYUzcF3P0hYUAcF3PCcF3PwcF3PwcF3P9zbPcF3PPcF33IcQ9:cMfhYUAmhYUTrddI+JC
                                                                                                                                                                                                                                                                          MD5:82F7C5A52CE13319DF636506CBE7471A
                                                                                                                                                                                                                                                                          SHA1:87AFBA039347B6147B7F033E813CE3572C15555F
                                                                                                                                                                                                                                                                          SHA-256:14C895CD1DD40118E423459DA4B89441177076F3601552054CCF821A66929E54
                                                                                                                                                                                                                                                                          SHA-512:F9B7CE2A5006205030BEBE01D601A4A959F79B1F8A57BBB013F53DF9688EAF742D76049CC722DF85D67CB23BD8EF2BD69DA8BF1B931CEA31157548522A238026
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:SQLite Rollback Journal
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3608
                                                                                                                                                                                                                                                                          Entropy (8bit):7.339404155737328
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:7Qb8cFn3BeNe9Kb8cFn3BeNe9db8L3co0CPEg:7dcF3PncF3POLMo0C3
                                                                                                                                                                                                                                                                          MD5:B4A6B5EC6C80132F2109F328943E4E3F
                                                                                                                                                                                                                                                                          SHA1:E51A7DEAD2FA825BF4C5C584B26549EB4F0B6282
                                                                                                                                                                                                                                                                          SHA-256:C5D182DFA3DD52BB37F1060748194920EAAC9AF7C7CEE5B486E8C58324E0D45D
                                                                                                                                                                                                                                                                          SHA-512:12D6AE1BF9357D868E1184E8E3F9BFE50CEDBC132D786342D4BDB43D9CBDE358545D6062E1375EDDD74FABD62B987D2324F1859569762EA762FC69657B603E91
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RBClientService.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                          Size (bytes):815
                                                                                                                                                                                                                                                                          Entropy (8bit):5.0703037108101014
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:MYHDo2YHDo2YHDo2YHDo2Yis9kewYis9keTYiOSYKYB9:LIII89r9SR9
                                                                                                                                                                                                                                                                          MD5:F453D92BD3ECA1DBF23686805EA8B180
                                                                                                                                                                                                                                                                          SHA1:9D0A6DD755169A5933775050FD8D57C76FDFCBCA
                                                                                                                                                                                                                                                                          SHA-256:A5105E2B6FD82C287B254ACA623B5C8220AC0F51E0119FB5DA07997191C13B72
                                                                                                                                                                                                                                                                          SHA-512:37F16EFBD49430F4AFF178460F585022F58C18B7C4EE1B1368370FF3835D2D86C6DB921AB9425C8C921B5637CB5C4AC70A040DE272874C2272588D244D0959DB
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.19/04/2024 01:33:31|STBackupclient.Engine.Scanner.SBRulesUser|SBRulesUser::CreateRegexExp : unable to fetch desktop path..19/04/2024 01:33:31|STBackupclient.Engine.Scanner.SBRulesUser|SBRulesUser::CreateRegexExp : unable to fetch desktop path..19/04/2024 01:33:31|STBackupclient.Engine.Scanner.SBRulesUser|SBRulesUser::CreateRegexExp : unable to fetch desktop path..19/04/2024 01:33:31|STBackupclient.Engine.Scanner.SBRulesUser|SBRulesUser::CreateRegexExp : unable to fetch desktop path..19/04/2024 01:33:31|cRBClientService::InitializeComponent : cRBClientService entered..19/04/2024 01:33:31|cRBClientService::InitializeComponent : cRBClientService exit..19/04/2024 01:33:31|cRBClientService:: : OnStart enter..19/04/2024 01:33:31|cMainWorker OnStart : Entered..19/04/2024 01:33:31|cMainWorker OnStart : Done..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):788
                                                                                                                                                                                                                                                                          Entropy (8bit):5.10013294707289
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:YdYcP5tgYX5thXPYMP5tvdHXk+XX11ayYN5trM1mi859HezTHQ0Yp1H5+:MYcHgYfRYOvBpYBuS96THQ0YA
                                                                                                                                                                                                                                                                          MD5:D33DFEB8CE92EEF554A6E4D0AA90B2CF
                                                                                                                                                                                                                                                                          SHA1:AD5C471C590665F2A7857CFE65EA143CDB55D27A
                                                                                                                                                                                                                                                                          SHA-256:BD9A0BB00D05D9E446A5D693E65CE8C433133927B131C621AF5D6E6DA77AC065
                                                                                                                                                                                                                                                                          SHA-512:2582030EA5E467DEAA80071DE1E9780B4ADAA2D3FCCDB272535E4B02EC2793C2476A9FAE89A1FDD059AFFE397FAB7E63A23594CED8E9F46B748B02A44731B498
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.19/04/2024 01:33:24|cPopupNotificationSettings | Start Interval | 2700000..19/04/2024 01:33:30|cPopupNotificationSettings | Start Interval | 2700000..19/04/2024 03:48:30|Major=10::Build=19045::ProductType=1..19/04/2024 01:33:42|cPopupNotificationSettings | Start Interval | 2700000..19/04/2024 08:18:32|Major=10::Build=19045::ProductType=1..19/04/2024 10:33:21|---->frmMain constructor called..19/04/2024 11:18:17|Major=10::Build=19045::ProductType=1..19/04/2024 13:33:04|cMachineInfo::chasis type : Other..19/04/2024 01:33:47|cPopupNotificationSettings | Start Interval | 2700000..21/04/2024 05:11:24|cInternetSettings|FetchProxySettings|getting default web proxy db not found can occur first time verifynull..19/04/2024 01:33:56|cPopupNotificationSettings | Start Interval | 360000..
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (6128), with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):6128
                                                                                                                                                                                                                                                                          Entropy (8bit):5.0438215327806475
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:wRppEudkouEUppl2z3JgwuF9FefqoGlG7RDlXBPXYus2u0QRQJiXrXnX6KDJBY:wRwAQfJBF9FefrpplBX1u0Q2YJ+
                                                                                                                                                                                                                                                                          MD5:E96AC31EFCB461D082420954E39F90C0
                                                                                                                                                                                                                                                                          SHA1:D73BB4B52687BECD82CBF812AD29B625248EEEF8
                                                                                                                                                                                                                                                                          SHA-256:7B038DA9B4147268FDBF937D35801A61AF570153158547904FF2908BFC683F9A
                                                                                                                                                                                                                                                                          SHA-512:0D457E6D1C88DFE627155D1AA035C9BA87A9EDB0A09A9DB534890332934A12F7FCADD41096A56FB860FCEFD971F1E190F7D8BF1717FA7F376811AF657B44F722
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?><ArrayOfIR xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><ir><Id>1</Id><item>.:\\(RECYCLER|RECYCLED|\$RECYCLE\.BIN|\$WinREAgent|System Volume Information|windows|windows\\temp|windows\.old|windows(.+?).old|Recovery|MSOCache|QUARANTINE|PerfLogs|winddk|rbtemp|(Users|Documents and Settings)\\(.+?)\\((start menu|recent|jedi|local settings|intelgraphicsprofiles|Links|\.cache|\.conda|\.config|\.dotnet|\.idlerc|\.ipynb_checkpoints|\.ipython|\.jupyter|\.keras|\.librarymanager|\.matplotlib|\.nuget|\.spyder-py3|\.templateengine|\.vscode|Links|Searches|Tracing)|(appdata|application data|Local Settings)(\\temp|\\application data|\\local|\\locallow|\\roaming|\\local\\microsoft\\windows|\\roaming\\microsoft\\windows|Local Settings\\temp|\\Local\\Temp|\\local\\microsoft\\windows\\temporary internet files|\\local\\microsoft\\internet explorer|\\Local\\Microsoft\\Windows Mail\\Stationary|\\Start Menu|\\Roaming\\M
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (6128), with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):6128
                                                                                                                                                                                                                                                                          Entropy (8bit):5.0438215327806475
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:wRppEudkouEUppl2z3JgwuF9FefqoGlG7RDlXBPXYus2u0QRQJiXrXnX6KDJBY:wRwAQfJBF9FefrpplBX1u0Q2YJ+
                                                                                                                                                                                                                                                                          MD5:E96AC31EFCB461D082420954E39F90C0
                                                                                                                                                                                                                                                                          SHA1:D73BB4B52687BECD82CBF812AD29B625248EEEF8
                                                                                                                                                                                                                                                                          SHA-256:7B038DA9B4147268FDBF937D35801A61AF570153158547904FF2908BFC683F9A
                                                                                                                                                                                                                                                                          SHA-512:0D457E6D1C88DFE627155D1AA035C9BA87A9EDB0A09A9DB534890332934A12F7FCADD41096A56FB860FCEFD971F1E190F7D8BF1717FA7F376811AF657B44F722
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?><ArrayOfIR xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><ir><Id>1</Id><item>.:\\(RECYCLER|RECYCLED|\$RECYCLE\.BIN|\$WinREAgent|System Volume Information|windows|windows\\temp|windows\.old|windows(.+?).old|Recovery|MSOCache|QUARANTINE|PerfLogs|winddk|rbtemp|(Users|Documents and Settings)\\(.+?)\\((start menu|recent|jedi|local settings|intelgraphicsprofiles|Links|\.cache|\.conda|\.config|\.dotnet|\.idlerc|\.ipynb_checkpoints|\.ipython|\.jupyter|\.keras|\.librarymanager|\.matplotlib|\.nuget|\.spyder-py3|\.templateengine|\.vscode|Links|Searches|Tracing)|(appdata|application data|Local Settings)(\\temp|\\application data|\\local|\\locallow|\\roaming|\\local\\microsoft\\windows|\\roaming\\microsoft\\windows|Local Settings\\temp|\\Local\\Temp|\\local\\microsoft\\windows\\temporary internet files|\\local\\microsoft\\internet explorer|\\Local\\Microsoft\\Windows Mail\\Stationary|\\Start Menu|\\Roaming\\M
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (2125), with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2125
                                                                                                                                                                                                                                                                          Entropy (8bit):4.954672337191912
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:cOa8faq/P98exShEmAk2VxSr8U+hSxCAFpxoq02J3JIx/2x6+b:m0FH4WRUrb+hSxFpq89JI0ok
                                                                                                                                                                                                                                                                          MD5:97C1F5484BF115ADDF2F87E9CFE24D14
                                                                                                                                                                                                                                                                          SHA1:E2405E8F3BEA59889203CBA6CB5D3F9C72FDA1A2
                                                                                                                                                                                                                                                                          SHA-256:FA95C69C1BD50D2FA72F5FF5C55C653DC017D68B8F94097ED4EA320E9D7062FA
                                                                                                                                                                                                                                                                          SHA-512:7B7EE911CBEADC89BDEFA937927E6D9D8F9110B4D36C73859D272AE68775ADEEE9ABAFF6DC710D0823F0CA41A1D22A8A8E159B84708C656A8C1801CF03430625
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?><ArrayOfSsi xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><ssi><Id>1</Id><ext>RB_DESKTOP</ext><path><string>RB_OSDRIVE_ALLDESKTOP</string></path></ssi><ssi><Id>2</Id><ext>*.odt,*.ott,*.oth,*.odm,*.sxw,*.stw,*.sxg,*.doc,*.dot,*.docx,*.docm,*.dotx,*.dotm,*.wpd,*.wps,*.rtf,,*.csv,*.sdw,*.sgl,*.vor,*.uot,*.uof,*.jtd,*.jtt,*.hwp,*.602,*.pdb,*.psw,*.xls,*.xlw,*.xlt,*.xlsx,*.xlsm,*.xltx,*.xltm,*.xlsb,*.wk1,*.wks,*.123,*.dif,*.sdc,*.dbf,*.slk,*.uos,*.pxl,*.wb2,*.ppt,*.pps,*.pot,*.pptx,*.pptm,*.potx,*.potm,*.sdd,*.sdp,*.uop,*.cgm,*.pdf,*.wpt,*.et,*.ett,*.dpt,*.dps,*.ods,*.odp,*.odg</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>4</Id><ext>*.3g,*.3gp,*.3gpp,*.avi,*.divx,*.dv,*.f4v,*.flv,*.m2ts,*.m4v,*.mkv,*.mod,*.mov,*.mp4,*.mpe,*.mpeg,*.mpeg4,*.mpg,*.mts,*.nsv,*.ogm,*.ogv,*.qt,*.tod,*.ts,*.vob,*.wmv,*.rm,*.rmvb,*.ifo,*.asx,*.swf,*.mpv,*.mpa</ext><path><string>RB_ALLDRIVES</string></path></s
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 0, page size 1024, file counter 2, database pages 0, cookie 0x1, schema 4, UTF-8, version-valid-for 0
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):388096
                                                                                                                                                                                                                                                                          Entropy (8bit):7.159462213602851
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:wo1sCP74FaET/+zOYtFUoP+NFAaKbix8FlOWxwPtOXu9cN7HuaKFvFtDPFkJanI+:wq74twnlP+N+No8FlzxEquwOaKFvTq87
                                                                                                                                                                                                                                                                          MD5:C1B375A235216958FB80B5F868385481
                                                                                                                                                                                                                                                                          SHA1:DEED6C84A6135F5BEE543B5C4146D6D002A5ABE7
                                                                                                                                                                                                                                                                          SHA-256:F4E746AE34BEC60FBAC3A971CD55E519D26744AC2A8770ABAE3B75C272C0B388
                                                                                                                                                                                                                                                                          SHA-512:CF9B298D2440690B4AD275038CC9C4A3944F220C1C2E9E2D207CBB935FB969603C44074325A43CD13C1BF18CA9A543CA2D83549FEA0FD5FB04E941860358CB7C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................H......etablesfhashessfhashes.CREATE TABLE [sfhash
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 0, page size 1024, file counter 2, database pages 0, cookie 0x1, schema 4, UTF-8, version-valid-for 0
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):388096
                                                                                                                                                                                                                                                                          Entropy (8bit):7.159462213602851
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:wo1sCP74FaET/+zOYtFUoP+NFAaKbix8FlOWxwPtOXu9cN7HuaKFvFtDPFkJanI+:wq74twnlP+N+No8FlzxEquwOaKFvTq87
                                                                                                                                                                                                                                                                          MD5:C1B375A235216958FB80B5F868385481
                                                                                                                                                                                                                                                                          SHA1:DEED6C84A6135F5BEE543B5C4146D6D002A5ABE7
                                                                                                                                                                                                                                                                          SHA-256:F4E746AE34BEC60FBAC3A971CD55E519D26744AC2A8770ABAE3B75C272C0B388
                                                                                                                                                                                                                                                                          SHA-512:CF9B298D2440690B4AD275038CC9C4A3944F220C1C2E9E2D207CBB935FB969603C44074325A43CD13C1BF18CA9A543CA2D83549FEA0FD5FB04E941860358CB7C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................H......etablesfhashessfhashes.CREATE TABLE [sfhash
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (2125), with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2125
                                                                                                                                                                                                                                                                          Entropy (8bit):4.954672337191912
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:cOa8faq/P98exShEmAk2VxSr8U+hSxCAFpxoq02J3JIx/2x6+b:m0FH4WRUrb+hSxFpq89JI0ok
                                                                                                                                                                                                                                                                          MD5:97C1F5484BF115ADDF2F87E9CFE24D14
                                                                                                                                                                                                                                                                          SHA1:E2405E8F3BEA59889203CBA6CB5D3F9C72FDA1A2
                                                                                                                                                                                                                                                                          SHA-256:FA95C69C1BD50D2FA72F5FF5C55C653DC017D68B8F94097ED4EA320E9D7062FA
                                                                                                                                                                                                                                                                          SHA-512:7B7EE911CBEADC89BDEFA937927E6D9D8F9110B4D36C73859D272AE68775ADEEE9ABAFF6DC710D0823F0CA41A1D22A8A8E159B84708C656A8C1801CF03430625
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?><ArrayOfSsi xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><ssi><Id>1</Id><ext>RB_DESKTOP</ext><path><string>RB_OSDRIVE_ALLDESKTOP</string></path></ssi><ssi><Id>2</Id><ext>*.odt,*.ott,*.oth,*.odm,*.sxw,*.stw,*.sxg,*.doc,*.dot,*.docx,*.docm,*.dotx,*.dotm,*.wpd,*.wps,*.rtf,,*.csv,*.sdw,*.sgl,*.vor,*.uot,*.uof,*.jtd,*.jtt,*.hwp,*.602,*.pdb,*.psw,*.xls,*.xlw,*.xlt,*.xlsx,*.xlsm,*.xltx,*.xltm,*.xlsb,*.wk1,*.wks,*.123,*.dif,*.sdc,*.dbf,*.slk,*.uos,*.pxl,*.wb2,*.ppt,*.pps,*.pot,*.pptx,*.pptm,*.potx,*.potm,*.sdd,*.sdp,*.uop,*.cgm,*.pdf,*.wpt,*.et,*.ett,*.dpt,*.dps,*.ods,*.odp,*.odg</ext><path><string>RB_ALLDRIVES</string></path></ssi><ssi><Id>4</Id><ext>*.3g,*.3gp,*.3gpp,*.avi,*.divx,*.dv,*.f4v,*.flv,*.m2ts,*.m4v,*.mkv,*.mod,*.mov,*.mp4,*.mpe,*.mpeg,*.mpeg4,*.mpg,*.mts,*.nsv,*.ogm,*.ogv,*.qt,*.tod,*.ts,*.vob,*.wmv,*.rm,*.rmvb,*.ifo,*.asx,*.swf,*.mpv,*.mpa</ext><path><string>RB_ALLDRIVES</string></path></s
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Apr 18 22:33:17 2024, mtime=Thu Apr 18 22:33:19 2024, atime=Wed Jul 12 16:39:26 2023, length=6809984, window=hide
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1123
                                                                                                                                                                                                                                                                          Entropy (8bit):4.6872507881690195
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:8m6lk2/18IEi2dOEUMCgr31LAMXd3VZd3PUU1lpHqygm:8mu18bDdOur318MXd3VZd38Olsyg
                                                                                                                                                                                                                                                                          MD5:0B9C103BDCC5EA02756CC374A46EB7EF
                                                                                                                                                                                                                                                                          SHA1:0312CB34578995907CF8559D25CE44BAABA7498A
                                                                                                                                                                                                                                                                          SHA-256:4E9E05145E63EB5EB53661F01D837AE29394431F705CF5B78B4C7FFED4BF6817
                                                                                                                                                                                                                                                                          SHA-512:E48B7378AABF5BD3CEF3C40B904887386215BCF0003751C3FEADF619095423DF9B8711B5C8BC528D3F61301D180CF47D44F96F4A63B963D2953425FD394EE86D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:L..................F.... .....-.............\......g..........................P.O. .:i.....+00.../C:\.....................1......X)...PROGRA~2.........O.I.X*.....................V.....V...P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....b.1......X*...RIGHTB~1..J......X)..X*.....*........................R.i.g.h.t. .B.a.c.k.u.p.....l.2...g..V. .RIGHTB~1.EXE..P......X)..X)...............................R.i.g.h.t.B.a.c.k.u.p...e.x.e.......b...............-.......a...........9..p.....C:\Program Files (x86)\Right Backup\RightBackup.exe..9.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.R.i.g.h.t. .B.a.c.k.u.p.\.R.i.g.h.t.B.a.c.k.u.p...e.x.e.#.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.R.i.g.h.t. .B.a.c.k.u.p.........*................@Z|...K.J.........`.......X.......701188...........hT..CrF.f4... .b.2=.b...,...W..hT..CrF.f4... .b.2=.b...,...W..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RBNotifier.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1336
                                                                                                                                                                                                                                                                          Entropy (8bit):5.343476215424073
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:ML9E4KlKDE4KhKiKhIE4Kx1qE4qpsXE4qdKtKIE4oKNzKoZAE4Kze0E4j:MxHKlYHKh3oIHKx1qHpH7tHo6hAHKzea
                                                                                                                                                                                                                                                                          MD5:FF7F7D64507076A6E2FAE74569AA034A
                                                                                                                                                                                                                                                                          SHA1:DFFCDB2687FE842482BADB77152BA5CD05EB4622
                                                                                                                                                                                                                                                                          SHA-256:52D3681304DADBB8BE4184743F338847B77AA0D6F86C52D0E2B4CED9EBC89DFE
                                                                                                                                                                                                                                                                          SHA-512:AA870145E7C850021D9FC1A1D33B9BB10E6E476958D9CD3EAAE5B0B78EBBB3D0CA41AF498D86F5E2620F2466767604BDB4CF1AAD800284C1587B40451D33CC7E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\96012833bebd5f21714fc508603cda97\System.Management.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2794
                                                                                                                                                                                                                                                                          Entropy (8bit):5.3386327571816
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:MxHKlYHKh3oIHKdHKWvpHt1qHkHitHo6hAHKzeUHKMR0mHKtXo5fHKm8mHgayHO6:iqlYqh3oIqdqWhNwECtI6eqzNqMRnqqs
                                                                                                                                                                                                                                                                          MD5:D50C4E79BAFD3B5FE651FA39C053EB9E
                                                                                                                                                                                                                                                                          SHA1:492E481B06FFAF7D7989EA601BF89EFE118CA1A8
                                                                                                                                                                                                                                                                          SHA-256:82D587F645F45DC304CED891D597B427A5B12FFF0AE257A78E60372E8AFD870D
                                                                                                                                                                                                                                                                          SHA-512:DCBE7C2B138A509486E375546661A932415721ED1FB55FA1F74730DCB07DB55A1CA1F8178560BD539D013B901165D5BC90F8E42379ED1EBE71CB21CC4C15A2A3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\a3127677749631df61e96a8400ddcb87\System.Runtime.Serialization.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\Syst
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (415), with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):415
                                                                                                                                                                                                                                                                          Entropy (8bit):4.896510468011159
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:JUKCzVnhkBWU7FlhkB26D6e2hkBxU89KhkB4:yPFhkYuhk4XhkTR9Khkm
                                                                                                                                                                                                                                                                          MD5:B6266AC3C7F97C703E8E2F545C7968E2
                                                                                                                                                                                                                                                                          SHA1:72D6CC699D39C397BF33921984AD5A00CFD9C74E
                                                                                                                                                                                                                                                                          SHA-256:FAE6F43C9B9C60EB5D1FD3928CF9F33053B11BF053E73C01FB35C197BA7D4749
                                                                                                                                                                                                                                                                          SHA-512:F890CD75D145F6A47442D8B4415BC4FD0788B3A79845477E15ADB8B74CF11A7F1699AB8804A99C0887FD002779EA0300FB77E6DFF55884491EA9027230103B2D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:<root><item name="_uetsid" value="d7b1d100009911efac0adda82ac3fe0a" ltime="2574347072" htime="31102118" /><item name="_uetsid_exp" value="Tue, 23 Apr 2024 11:17:02 GMT" ltime="2574347072" htime="31102118" /><item name="_uetvid" value="d7b24f40009911ef8cc5e3c0cba61b2e" ltime="2574347072" htime="31102118" /><item name="_uetvid_exp" value="Sat, 17 May 2025 11:17:02 GMT" ltime="2574347072" htime="31102118" /></root>
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):49120
                                                                                                                                                                                                                                                                          Entropy (8bit):0.0017331682157558962
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:Ztt:T
                                                                                                                                                                                                                                                                          MD5:0392ADA071EB68355BED625D8F9695F3
                                                                                                                                                                                                                                                                          SHA1:777253141235B6C6AC92E17E297A1482E82252CC
                                                                                                                                                                                                                                                                          SHA-256:B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
                                                                                                                                                                                                                                                                          SHA-512:EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 49x51, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2507
                                                                                                                                                                                                                                                                          Entropy (8bit):7.393905584480548
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:NpNn2WqJ3VVyB8QRKYTEUiIaYmxqGmg46vO97Ft:92VVk89iCPlxqlg4qOHt
                                                                                                                                                                                                                                                                          MD5:09C87A2ADDA77674EC2FCB6CAA276C09
                                                                                                                                                                                                                                                                          SHA1:B4853B2E10960E7CC4B276E298103B70C6A236A5
                                                                                                                                                                                                                                                                          SHA-256:7C06E39BE2A65FAE9FB29FFA8B5A4B38F8C762EBABA9A8F5D656D4CC752D4C81
                                                                                                                                                                                                                                                                          SHA-512:0F7447DEAA31FD8D5FF5906086CC20673061821D5E16A71980BEAD4FCF8084C9A02C806F38C47C6C66904B66B2EF483495471F762AEAE08084B0F08D6111614A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:......Exif..II*.................Ducky.......d.....2http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.0-c001 79.c0204b2def, 2023/02/02-12:14:24 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 24.4 (Macintosh)" xmpMM:InstanceID="xmp.iid:1D6DA058E8E411ED9963DEBF30B4BE93" xmpMM:DocumentID="xmp.did:1D6DA059E8E411ED9963DEBF30B4BE93"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1D6DA056E8E411ED9963DEBF30B4BE93" stRef:documentID="xmp.did:1D6DA057E8E411ED9963DEBF30B4BE93"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..........................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 19 x 15
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):114
                                                                                                                                                                                                                                                                          Entropy (8bit):5.483623676444322
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:C4nlsAOVVdzl7/l7m8tJO3m0q3RKIFoHen:alc8tJO3Zyeen
                                                                                                                                                                                                                                                                          MD5:1DB07FAEE908D9CD67BD77F15FAC0455
                                                                                                                                                                                                                                                                          SHA1:87E9C66E69702C62715A6CCECF622D15C45CDE78
                                                                                                                                                                                                                                                                          SHA-256:F357760F0DE51A5096880E788779C00A85D4F2A3EFA500328FAF20EEC23009D3
                                                                                                                                                                                                                                                                          SHA-512:1874D9778345162F8F151032CD34E71BE4181233789D47E0E5A8AFBDE23A9339CF0F927F51F1300B3DAECE2E8871280A1C07B7AAF24A560FF63B6040A06EE667
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:GIF89a................iii............!.......,..........7.....I.\6S.5.C(..A.hy.l+...[.e.Y]|..O<.(&q..../..<..@..;
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 734x51, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4613
                                                                                                                                                                                                                                                                          Entropy (8bit):6.871555506230918
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:fQRVy1uDSSSSSSSSSSSSSSSSSSSSSGj0aB:+yuDSSSSSSSSSSSSSSSSSSSSSGj06
                                                                                                                                                                                                                                                                          MD5:D651F68E9E9F1B91F19575B857955F55
                                                                                                                                                                                                                                                                          SHA1:2A52196C68136B576377B421140F4A7AFDA20A26
                                                                                                                                                                                                                                                                          SHA-256:8A3DFF36EF5A1A79FB63C0985236DC2CB193DD3E58147D5D69F3C55B566F8FF6
                                                                                                                                                                                                                                                                          SHA-512:389141E9DF90F28D7950D10987E6845202D508F481E72C92D351D04D973A6871A365EB3E4A9F10AB5DE02F3B975F08F70226C30C8F4288F48C39A1FBCAC41E41
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:......Exif..II*.................Ducky.......d.....2http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.0-c001 79.c0204b2def, 2023/02/02-12:14:24 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:1D6DA055E8E411ED9963DEBF30B4BE93" xmpMM:InstanceID="xmp.iid:1D6DA054E8E411ED9963DEBF30B4BE93" xmp:CreatorTool="Adobe Photoshop 24.4 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1D27E37DE8E211ED9963DEBF30B4BE93" stRef:documentID="xmp.did:1D27E37EE8E211ED9963DEBF30B4BE93"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..........................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 12x36, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1415
                                                                                                                                                                                                                                                                          Entropy (8bit):6.452106359586615
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:FK1he91Wwjx82lY2T3ouViheYoyJ3VDMtWGKezn0PF0r4tin4DV9kZMb43:SqQNn2xoM4J3hAWVJd0cin4DVO
                                                                                                                                                                                                                                                                          MD5:1986FCBA35C1AE3DEC58BBAC236852BA
                                                                                                                                                                                                                                                                          SHA1:F1C72D0D2AFB637D9F13CB6004E1E7DE4572A3CD
                                                                                                                                                                                                                                                                          SHA-256:D1179F764FBBF2D7043E5255F943EEAFF1C0A34F0D5D858442F545C5BCF841DF
                                                                                                                                                                                                                                                                          SHA-512:97BC0E6A28643C928D2C5E787FD43EE7DD69D85C6284B5C9FEEE72E5FDFF3BF05CDC346D113F8F2AA4F1C694B048336968CA0733FF63756AC180CDB5E7670C28
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:......Exif..II*.................Ducky.......d.....+http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:598AEC1AD04E11E38309BE67AC4EC2E5" xmpMM:DocumentID="xmp.did:598AEC1BD04E11E38309BE67AC4EC2E5"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:598AEC18D04E11E38309BE67AC4EC2E5" stRef:documentID="xmp.did:598AEC19D04E11E38309BE67AC4EC2E5"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 33x36, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1712
                                                                                                                                                                                                                                                                          Entropy (8bit):6.834953459007878
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:FK1he91Wwjx82lY2T3ouVzV/g8yJ3VNwtaGKeCsGDynlKNwiPGC/+In9JzGpwV44:SqQNn2xlNgvJ3L2aVkGenswibn9JUj4
                                                                                                                                                                                                                                                                          MD5:2B8022BCE35465FFEF2C4623A6E738F2
                                                                                                                                                                                                                                                                          SHA1:55B6D029673126975D8EC7F994403CA7FFA58010
                                                                                                                                                                                                                                                                          SHA-256:CD55040B8EE783DF6126E9CF75450BB4C32011EF2FEED664BBA2E6C49DE1EFFB
                                                                                                                                                                                                                                                                          SHA-512:2C542BC8E257A8CD5452407240A7DF58690A01634721AE0CD5EE029C58AE9C4E370DBA2AF20E9E2F53A75F37101ABBCD44069AF8BD4FB88A6A5253F51EA8F02E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:......Exif..II*.................Ducky.......d.....+http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:72A0B3D5D04E11E38B7388A21504BCAA" xmpMM:DocumentID="xmp.did:72A0B3D6D04E11E38B7388A21504BCAA"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:72A0B3D3D04E11E38B7388A21504BCAA" stRef:documentID="xmp.did:72A0B3D4D04E11E38B7388A21504BCAA"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 33x36, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2599
                                                                                                                                                                                                                                                                          Entropy (8bit):7.426589219447669
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:SqQNn2xaJ3qlkVm4FW0UYfPOHPVVTHD0XgMm7u0nlSSvlL:bY2vSVm4FWn+WdrMHolnL
                                                                                                                                                                                                                                                                          MD5:6787C32225013100B06C8636EB2ADD69
                                                                                                                                                                                                                                                                          SHA1:6A622D3B240936144FDAAA0CECD7DE7D8EF865E3
                                                                                                                                                                                                                                                                          SHA-256:DC20C242781186C1B46BF38CF818F3FBB0A3CCBEEA2EC591821E1E48C99CDBF0
                                                                                                                                                                                                                                                                          SHA-512:5A9BAD6A3A035AD2C7BBFFBF0686222EBFD15831CCC9BD794E9E9B51F2E20A10531FD91DEDE35BF1B9DE1F2448AC305A49490AED9D5D27DBDBF571ADE9366F49
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:......Exif..II*.................Ducky.......d.....+http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:250EF150D9C011E3AED085162E12A34E" xmpMM:DocumentID="xmp.did:250EF151D9C011E3AED085162E12A34E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:250EF14ED9C011E3AED085162E12A34E" stRef:documentID="xmp.did:250EF14FD9C011E3AED085162E12A34E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):194
                                                                                                                                                                                                                                                                          Entropy (8bit):4.740984292214869
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:q43tISl6kXiWHiHuwWSU6XlI5LP47eIpfGu:TPdHiHZVvlI5r4NGu
                                                                                                                                                                                                                                                                          MD5:EC0F2D6D8DA7997A10F72A2537729E59
                                                                                                                                                                                                                                                                          SHA1:D6B8CA36F266D92775F5B757E65B8C10C747C30A
                                                                                                                                                                                                                                                                          SHA-256:95E1144AE5FABA1D6EA1AC58B29B1E8D0399125E4DBC6A17D50D0BF5CF3BDCF8
                                                                                                                                                                                                                                                                          SHA-512:AC07FCC825E53146730E857A4187AE906AD1F9F3B0B149488377218328D1315096E6068181C76BC95219B7D9AE2B7E91BA4923EB502E684371E313BA952EDA8B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body bgcolor="white">..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx/1.14.0 (Ubuntu)</center>..</body>..</html>..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 132 x 82
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):5823
                                                                                                                                                                                                                                                                          Entropy (8bit):7.650616048283985
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:fCHR9H/pknS2ihE1f6lCTb/s0d/NIWgtUMb0bJ50dsd85t6D3qUWIYtJbKV:aH/pknGEBmCHzHLgKCs+vuYzK
                                                                                                                                                                                                                                                                          MD5:D94FB0DF334025C97D5871B3B1AE3574
                                                                                                                                                                                                                                                                          SHA1:B284ED8D3BE7BE3190CA490CD5E8D0040010DE99
                                                                                                                                                                                                                                                                          SHA-256:113A662A367001D70CFE9D3298C343E00B8D73DE91226EF196B4CC532F83B02F
                                                                                                                                                                                                                                                                          SHA-512:17A79FC58AFC946820502B617C76A84EA18D5158ECADA9137507375174E0CD47651FC06ABDF95C23719E0C2B4B235EE15B5FE1ABC97CE22A6A2F229F8363F628
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 166 x 53
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1537
                                                                                                                                                                                                                                                                          Entropy (8bit):7.262596755468636
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:Pfmval1hxWwjx82lY2T3UV49xn1RLyJ3V4b8nGcbGY8+SPIfv+i2/eL+n7muTEXU:PR6Nn2wSD+J3SuTL8BPdiTL+7fTWnU
                                                                                                                                                                                                                                                                          MD5:1DF5A1CF0E9129DD59E9FFA90AA029E7
                                                                                                                                                                                                                                                                          SHA1:B83BD710ACFF820615544E0B8B29F8B305F9C33E
                                                                                                                                                                                                                                                                          SHA-256:738B2266B947046C49E2365175CB14DC8446B954A718A273FC0D490512C672C0
                                                                                                                                                                                                                                                                          SHA-512:FE6617851EAE7B0832DE26EA5950CE73D5A7B60541F64256FAF402080CD909352A2C2CE4F825492219385830FDC8497CDD804282B768C1726591F89F6FD16B24
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:GIF89a..5....................................................!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c140 79.160451, 2017/05/06-01:08:21 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Macintosh)" xmpMM:InstanceID="xmp.iid:9C919B79032D11E88931AC00146A74A2" xmpMM:DocumentID="xmp.did:9C919B7A032D11E88931AC00146A74A2"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9C919B77032D11E88931AC00146A74A2" stRef:documentID="xmp.did:9C919B78032D11E88931AC00146A74A2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..................................................................................................................................~}|{zyxwvutsrq
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 210 x 10
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):278
                                                                                                                                                                                                                                                                          Entropy (8bit):6.468844918386133
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:/hmf0ut4TubMUSoZTgZ/l2Wu/he9EsR19fp7n7g+7aR5sGGn:/2teILMZ/K/he9EUL7a/sGGn
                                                                                                                                                                                                                                                                          MD5:DB42F12DA5A06EC33B7C4D057B922EDA
                                                                                                                                                                                                                                                                          SHA1:B5DA3BF429FCD8DD98F072B3EE033C958D06586A
                                                                                                                                                                                                                                                                          SHA-256:BA859EBBB36E4D1BE7423A8DAC831055745AD6F4D745CE52AD31E07BD974FAAD
                                                                                                                                                                                                                                                                          SHA-512:70E89367DEB91EC8F341AC64F1EC8DD54DAA2DF9F15A541C3DA001F5D683C5BE4198F80952CB8684479BDD22A826E096B479D09B69436804DEF69E4736D27069
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 246x43, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3287
                                                                                                                                                                                                                                                                          Entropy (8bit):7.161488799558458
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:mPPMdLlp0G+FVWjNth2QkkM9cttttttttttttt/:nwrVWjNtRkkMOttttttttttttt/
                                                                                                                                                                                                                                                                          MD5:D82D1AB5102E54214E5CEF91E4CB08CC
                                                                                                                                                                                                                                                                          SHA1:064AA78FAA67F837F028CE373583A2947EA7F0AC
                                                                                                                                                                                                                                                                          SHA-256:A289139FD4BE251965E6CB74E2C0B4DC7D9EEFAE413DA33358BBAA1D3D74F21D
                                                                                                                                                                                                                                                                          SHA-512:473C8CFDE778901E574D7C42427A37399957F846ED0814565A5E2461E5F1E5708BAF4AC1EDFC85BD09E8210BFADC465B262CACB19A8BD21CCB2A870713BC4E87
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 15x53, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1419
                                                                                                                                                                                                                                                                          Entropy (8bit):6.619701724268077
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:/tK1hI+Wwjx82lY2T3BkVjJX4jayJ3Vj3BqUJfGsvEn5N9om3BQdvl11phLvEkhL:/qWHNn2qHAhJ3dZJfG5Nat1/VEkqXa
                                                                                                                                                                                                                                                                          MD5:DD25EFBEC411B3EFA3B83F61F2EA0B08
                                                                                                                                                                                                                                                                          SHA1:67603529F92ACF8DF0A5978C2EEB88788893B806
                                                                                                                                                                                                                                                                          SHA-256:21EF450AF611D517A2FF634AA26BCBD3E62033D0751A476F01E5AC2AE17EC5CA
                                                                                                                                                                                                                                                                          SHA-512:F69D49C6ED8D03FF2F949D203C5AC2CF58E3666379934BC170E9A1F9D4691DD4A057A8BAAB6914EB6247B5C2B2546FF38278CCE9CC9C3CCC58A0FB50A0276C6A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x53, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1223
                                                                                                                                                                                                                                                                          Entropy (8bit):6.120551639127836
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:/tK1hI+Wwjx82lY2T3BkVCz2zaQ292yJ3VR2MMa2pGsO9kFBkdByw:/qWHNn2qqWIJ3D5GxkdUw
                                                                                                                                                                                                                                                                          MD5:0FBA1D5D5DB1351D633F74BA9C9A6D7B
                                                                                                                                                                                                                                                                          SHA1:717F462891D9846B49A60F3A7C63DE8EE1902583
                                                                                                                                                                                                                                                                          SHA-256:0B0E507BA8761F37564B3407367F4433AA90EA5793EE976F4A9AF447824010AB
                                                                                                                                                                                                                                                                          SHA-512:64053A04096865DA73342848B933A86D1DA40920261D1EB00DC726EF9EB067613BDB88198424FBF32F400968F71139BA17734D369F07EE2133317CF24D63BD1D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x53, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1232
                                                                                                                                                                                                                                                                          Entropy (8bit):6.180535719046466
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:/tK1hI+Wwjx82lY2T3BkVR/LaOyJ3VR+MtGsOcl3YfQB9d88:/qWHNn2qTzwJ3TX1O09dj
                                                                                                                                                                                                                                                                          MD5:CE495F2C88C485F9277A83567518D308
                                                                                                                                                                                                                                                                          SHA1:C412857C41DCF40AE9E7F9E6EF6F857151C6C35B
                                                                                                                                                                                                                                                                          SHA-256:ACFA950C9C9799DFB1010B8F4051B8F7F428D0C217A3DD94CEC4FBEA8FA75EF7
                                                                                                                                                                                                                                                                          SHA-512:C6893FFBDAC253EC6FECA060EB00586CDF0A3B1C60C45E78FDE6001174B1C03429295B87A09D46F53BA6B2F2D3FBED567D60FEF3820E24A7CFEF1994911E7774
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 15x53, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1579
                                                                                                                                                                                                                                                                          Entropy (8bit):6.860906265073917
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:/tK1hI+Wwjx82lY2T3BkV+a/LyJ3VNiGsvEZlE90/y6Bgviy1puqxakWDdOe:/qWHNn2qgwGJ3if90ZWveqsEe
                                                                                                                                                                                                                                                                          MD5:50B447651E21194F04CB8264759E3AC3
                                                                                                                                                                                                                                                                          SHA1:3304817EDC739ED5EACF3EA2D53A9D0109E3D8F6
                                                                                                                                                                                                                                                                          SHA-256:F27F700812A7FF68B447DD8AA9A2E86450FCC00EF453C92B261641A3DE1780BD
                                                                                                                                                                                                                                                                          SHA-512:138B1676A5B0C1C855B7E7EEF0D89467AE7A839B3773DB4F1A5EB7EF7FFF5BE2CD2164B84F418E285530BAC2C1F98A2A93A79C954D603B920EE86B44B1116FF3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 19 x 19
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):5359
                                                                                                                                                                                                                                                                          Entropy (8bit):6.954903601507637
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:h80GbU/kgsWrO5blAu8zx3P0BviGTZVDZ60lhtePyAxlb0wuXeraVWorwL/nxP+v:rygj6P7FT/LhtePyAxlb0wTrroUnQv
                                                                                                                                                                                                                                                                          MD5:A93744DEA3EEBA9C355D0817FFF0A575
                                                                                                                                                                                                                                                                          SHA1:26A9BC595D2373C3B124D836E47A328FEA59486A
                                                                                                                                                                                                                                                                          SHA-256:7FAE0F50E85C766E40D22B8C8A851599D2A41B9E9F4E01A180ADE2850E0F038F
                                                                                                                                                                                                                                                                          SHA-512:B4F56C80F84099349745A9F4AC983EB9F85C4F30435AD20D5C2B919BDBB9B136830B6A66AEAFA9E0638806648ECD72EF605FE0903466C4D338CF9C088698E69D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 30x10, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):689
                                                                                                                                                                                                                                                                          Entropy (8bit):6.258485082542405
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:2P0DkPOSgtKTUqooYjo4tOSDsSL8CwtBy98g9OmKNP8:TSB/TUbdrDsCIBu9Ojy
                                                                                                                                                                                                                                                                          MD5:29FDBE008F2A25179B46403D98EB8C2C
                                                                                                                                                                                                                                                                          SHA1:6D89EAAB48B8DB1F3DEEF67F8852F7EC0BDB8696
                                                                                                                                                                                                                                                                          SHA-256:98E572F2F62881F265692BD8C82CD89989C0FC94237FE267DDB494C9A595EB8A
                                                                                                                                                                                                                                                                          SHA-512:D0C780F44778CEA4A74EF9F6F9DFF591A89B42C75B2272D8053C106D5A685E586492A12E7244E0DEA0298D9FBB6C52C11420923147CF61B746E93FCED260ACC5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 155 x 163
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):26306
                                                                                                                                                                                                                                                                          Entropy (8bit):7.86959156469231
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:IkljEHxcdplpu1Zi00rxyybENIUwt1NYK:zlIHxcXu1U0qSwtnT
                                                                                                                                                                                                                                                                          MD5:839B126AAD47D41A4E5BF7EF49598F35
                                                                                                                                                                                                                                                                          SHA1:8B4D7F0238340A050A3C64B96E3A3EABA0177D8D
                                                                                                                                                                                                                                                                          SHA-256:B80B0A884F7F41E50D9F29038B881FDDDD1BAC3704EC6892DF4150EE31F9B1F4
                                                                                                                                                                                                                                                                          SHA-512:B79CBC83D7CD187684371AA2DF5E6B6FE172C792C2496EB9948D8F6B2800348CC8545F17085D655892FC07F2E66690647E7C71C741116A1F7A78AB088A9CFDC4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 733 x 326
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):9229
                                                                                                                                                                                                                                                                          Entropy (8bit):7.821348036847392
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:CBLez/CE8CgzgNV7ul7/soM/2YSEmGDpyAtvxlc7vq+kQW4l8YXYbhlWQ7mA:CBCzqE8RgX7O42mt1Xdc7vdkQS7LyA
                                                                                                                                                                                                                                                                          MD5:D48A9A290CFA2DCE1D1BA3D94B6BEC6C
                                                                                                                                                                                                                                                                          SHA1:0487A6AD6ABAC5CFA7E6A3CF6F48B5D2E03681D4
                                                                                                                                                                                                                                                                          SHA-256:A7FE0BC658EE8E35F662971C0F1BCA60074D1A4258C3F51D6EE1356DA30BC2B0
                                                                                                                                                                                                                                                                          SHA-512:A4181ACD1A70146AEC738118374EB6028CA156EEA5C57F0A8D030FF90E36E98342446F00763EB90E56F93E67560CE4194E84FE556C7BEF3BA4E019E74DBBDB75
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 15 x 15
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1411
                                                                                                                                                                                                                                                                          Entropy (8bit):7.131974568456624
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:doUGkZ/8DHWal1hiyWwjx82lY2T37VFiud0FudyJ3VFouY0buSGY8gwhlrAnj:9G+8XuNn2vPiXF1J3PoubbL8gwHAj
                                                                                                                                                                                                                                                                          MD5:1DA61B979865C51AD934019A62C7F1BC
                                                                                                                                                                                                                                                                          SHA1:BEF257F7BC100C8329D1DADA06B2A7802623BE87
                                                                                                                                                                                                                                                                          SHA-256:47831ECFA3F7F021CFF3D0E8686F73B08C06FBD65A2BFC3BB0FB510927CC313D
                                                                                                                                                                                                                                                                          SHA-512:E8C9731C48387101143C648B91B07E2DF92CE426A19040194B0C331554E98B8FE67E6BB15546F5855E27B00A96D2E19FDFF8D290F102A2E3B849D47A356D345A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x65, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):356
                                                                                                                                                                                                                                                                          Entropy (8bit):3.7511525303414515
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:mjPltla6QzDkmB9mMqtlDlW2t5/H3lClI6q:2P0DkzRrx/8Zq
                                                                                                                                                                                                                                                                          MD5:844A84E2CE8064ADFAADCCBBF988FD19
                                                                                                                                                                                                                                                                          SHA1:7D14B794EC95CE10CB2C835A10CB4E5C56A3119F
                                                                                                                                                                                                                                                                          SHA-256:1BC7E2AAC827863D813A7FEFB6C6ED538CCC6A56628B54AC8C83190A91B317FA
                                                                                                                                                                                                                                                                          SHA-512:A95281B618E32FE6E3163254F760DC291B103F3856446D056EFA0A4D2D4AEB7E4F33FE1AF6508C24789B59ED276EF1159E81C355C14EAE96AC940ABACFCBF960
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 280x11, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):7619
                                                                                                                                                                                                                                                                          Entropy (8bit):7.9287469045010495
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:TsKpemkEEq5l9IH5reFcIpT3qNXgiO4zc7GbNz/+:TXPkETbiFeFcm3qNwP4Pa
                                                                                                                                                                                                                                                                          MD5:7C84480A76F64798BEC94B313F71B2BB
                                                                                                                                                                                                                                                                          SHA1:08560293093B0E1DD1285832908DC4C37DEB7243
                                                                                                                                                                                                                                                                          SHA-256:0021894CE69DEC0C013358D961885925711ACD5F6A406FE8493AB371B1D17831
                                                                                                                                                                                                                                                                          SHA-512:566CBC354B400F74C0E1C3D063B51894A2A1DCF407635A98398F9AEB5D859EE3049B5C6987AC86E572EE7680F2F2DD88646629A530B2EEC73BA1B1926C34DF6F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 79x56, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1563
                                                                                                                                                                                                                                                                          Entropy (8bit):6.597753710847991
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:uqQvnLpQ6yrnwNIJ3RkQYpuey1O1O1O1O1D6X:vQtQ6swNRQY7WqqqqD6X
                                                                                                                                                                                                                                                                          MD5:7CDC50320F3E7AB87B0FCDF879E36CDE
                                                                                                                                                                                                                                                                          SHA1:935F07B6B4140FAE920CA8488C43B9E8B138EE1C
                                                                                                                                                                                                                                                                          SHA-256:9EC58FA0BB63B9E9FBB36C7B86193880977FED8D7D0CF2ADCC833E45FFAD2C7D
                                                                                                                                                                                                                                                                          SHA-512:6CDC6791F027F656B8307771961A17EB9FE07271913695DD0F3F10DE02C4CA2906016868608895230E2B3DE315CDA8CC193B503BAAF86B13638E1E216C00A5BD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:......Exif..II*.................Ducky.......<....._http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="21B4D8C4F05946BE8A54111997DEB079" xmpMM:DocumentID="xmp.did:1E1A093FA2BA11E3B12FA7A68388786D" xmpMM:InstanceID="xmp.iid:1E1A093EA2BA11E3B12FA7A68388786D" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:35F44DEBC5BBE211ACEDE45AB4E6C8DB" stRef:documentID="21B4D8C4F05946BE8A54111997DEB079"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):194
                                                                                                                                                                                                                                                                          Entropy (8bit):4.740984292214869
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:q43tISl6kXiWHiHuwWSU6XlI5LP47eIpfGu:TPdHiHZVvlI5r4NGu
                                                                                                                                                                                                                                                                          MD5:EC0F2D6D8DA7997A10F72A2537729E59
                                                                                                                                                                                                                                                                          SHA1:D6B8CA36F266D92775F5B757E65B8C10C747C30A
                                                                                                                                                                                                                                                                          SHA-256:95E1144AE5FABA1D6EA1AC58B29B1E8D0399125E4DBC6A17D50D0BF5CF3BDCF8
                                                                                                                                                                                                                                                                          SHA-512:AC07FCC825E53146730E857A4187AE906AD1F9F3B0B149488377218328D1315096E6068181C76BC95219B7D9AE2B7E91BA4923EB502E684371E313BA952EDA8B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body bgcolor="white">..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx/1.14.0 (Ubuntu)</center>..</body>..</html>..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 8 x 40, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):192
                                                                                                                                                                                                                                                                          Entropy (8bit):6.355224619404955
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:yionv//thPlvvtcm4RthwkBDsTBZtH9AyfU1QNdl+YnDEaWvMAOvgposAbljp:6v/lhPD4nDspH7fOXYnDEa1ADosAbljp
                                                                                                                                                                                                                                                                          MD5:672C70122DA76E18A948290E077BC7C2
                                                                                                                                                                                                                                                                          SHA1:4EE6A30E03CFF600FD2E6AD9779B0F6281681ECD
                                                                                                                                                                                                                                                                          SHA-256:60575D936583C15466C674E7025AB167E943C3916F52FAD4A1B04E18A24E0DF1
                                                                                                                                                                                                                                                                          SHA-512:B4D14D357DB1FC8A6A70720C313A47045F5CD79567A76BF70AE38039433965588BC52006E1C2D6AB40D7FACBE8EB320CEED1A4B1A3CEB1ED593FC4934E75D307
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 1 x 40, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):120
                                                                                                                                                                                                                                                                          Entropy (8bit):5.411697445587176
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:yionv//thPlEXttbiffRthwkBDsTBZt/9VWT8c//jp:6v/lhPKkJnDsp/Do/jp
                                                                                                                                                                                                                                                                          MD5:4999C8F3B0DE1A4F1E77BCDDA9380247
                                                                                                                                                                                                                                                                          SHA1:F6E3E27EFB0E173A32F1C66C5DE7EE708C8ED888
                                                                                                                                                                                                                                                                          SHA-256:FD50E8DA5693E727BFE219D799DAFD6ABCC97455B3FE288952B69055DE3DAAF4
                                                                                                                                                                                                                                                                          SHA-512:D3692D41497FD9FD956C6C5150FF12C71A7775F302F12A06D3DD92FC337B8BF9C8915BBB3710B7A4D6A25497547A90F8790A1F1567CB3C3839862DA4CCD0CF8F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 8 x 40, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):220
                                                                                                                                                                                                                                                                          Entropy (8bit):6.4626793807396
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:6v/lhPD4nDspbAkflPX/fR18Jfs8CzesMMNpA0FWNhwjlQjp:6v/7z1AyvfRWpSesMP03I
                                                                                                                                                                                                                                                                          MD5:409BDF7490A8385468128632F8ABBFE7
                                                                                                                                                                                                                                                                          SHA1:AC81DD78AC5E34897936406860B4BEC251077664
                                                                                                                                                                                                                                                                          SHA-256:64F3B4625A5AD1019166CC2660158AAC335B4CB0F964B520165445EB1469F699
                                                                                                                                                                                                                                                                          SHA-512:7A55F5DADD8CC40EC1CAB20F040B400A9F4F01164B42D6787522061A0BC5B18D47E0FBB4C4D68FEC7F210DFF0E93F63618C5B1F889476C14856F454BDC9B416F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 8 x 40, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):220
                                                                                                                                                                                                                                                                          Entropy (8bit):6.4626793807396
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:6v/lhPD4nDspbAkflPX/fR18Jfs8CzesMMNpA0FWNhwjlQjp:6v/7z1AyvfRWpSesMP03I
                                                                                                                                                                                                                                                                          MD5:409BDF7490A8385468128632F8ABBFE7
                                                                                                                                                                                                                                                                          SHA1:AC81DD78AC5E34897936406860B4BEC251077664
                                                                                                                                                                                                                                                                          SHA-256:64F3B4625A5AD1019166CC2660158AAC335B4CB0F964B520165445EB1469F699
                                                                                                                                                                                                                                                                          SHA-512:7A55F5DADD8CC40EC1CAB20F040B400A9F4F01164B42D6787522061A0BC5B18D47E0FBB4C4D68FEC7F210DFF0E93F63618C5B1F889476C14856F454BDC9B416F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 225x86, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1410
                                                                                                                                                                                                                                                                          Entropy (8bit):6.1445270877091716
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:WjJdY7FhxmxpUtpUtpUtNngsvJWaaspnBUY7uvJY7oxxFFFFFFFFFFFFFFFFFFFf:OJcmxpUtpUtpUtpryuwxFFFFFFFFFFFf
                                                                                                                                                                                                                                                                          MD5:795AC43AD12F42E91ABB8202E7329906
                                                                                                                                                                                                                                                                          SHA1:BA1DFD1984934225BA67ADEF502B8C97B57F861A
                                                                                                                                                                                                                                                                          SHA-256:BC492ECD86CD39977BE4EBF1BEF65EDE8B528767B56E2FBE8363973B245F3C1B
                                                                                                                                                                                                                                                                          SHA-512:5C91E7FA390C5CE24282182DC1AEA899EEA062D73355A0941FEC0980BA1D23FCE8B74D9362B4618928569CA594E3B69C758947B5F7045303A6AF9665298767E7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 225x86, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2450
                                                                                                                                                                                                                                                                          Entropy (8bit):6.6042473155763295
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:STK1hyWwjx82lY2T3rVUKTFzCCTlyJ3VETAeTKGKRbi6yelO1YQVVVVVVVVVVVVn:NpNn2feKpRIJ3mHGV94elOS3tZXn0
                                                                                                                                                                                                                                                                          MD5:AB0D4A39E016E9808197C0C5FFAF9B96
                                                                                                                                                                                                                                                                          SHA1:94F2E56031AB85F6D4AA5276203A49B878F9BCDC
                                                                                                                                                                                                                                                                          SHA-256:F70DF2D18B25799FBD40588B4FCD20BAD4898D35C8A83CAA0004372519BF590E
                                                                                                                                                                                                                                                                          SHA-512:32D7B52252F8F172DC47762872408AB67B4B86048D972E9F7B93672A001B17E9BC935DA692E6F517DF6DE34854E15A5F0FE559C2635370CAD3DB9CB92E3D593D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:......Exif..II*.................Ducky.......d.....2http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.0-c001 79.c0204b2def, 2023/02/02-12:14:24 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 24.5 (Macintosh)" xmpMM:InstanceID="xmp.iid:E33AC6BCF18C11ED9B64D66787F5FE3D" xmpMM:DocumentID="xmp.did:E33AC6BDF18C11ED9B64D66787F5FE3D"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A95BEF5BF18C11ED9B64D66787F5FE3D" stRef:documentID="xmp.did:A95BEF5CF18C11ED9B64D66787F5FE3D"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..........................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x86, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):368
                                                                                                                                                                                                                                                                          Entropy (8bit):4.6064430251576685
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:mjPltlasluqnc2LBO8IW48MW1Ylk/jmMeBtCrShXlOxLsBYvl/wcd4:2P+Ec2bF5nYbNyL/Ld4
                                                                                                                                                                                                                                                                          MD5:466FBCEEEB33880C685707562DBEFE40
                                                                                                                                                                                                                                                                          SHA1:6BF2CB884D506F92E35DCF0EA24BF96404F9961F
                                                                                                                                                                                                                                                                          SHA-256:F31B0A73FE644B175CD1D770E299645A5153C566D88B15483B680511A09D604C
                                                                                                                                                                                                                                                                          SHA-512:64E8CE2866DFB14F85025496DD4B89A5E745AB3F065A7917912324C285E66A741CDD8FE8DD27703418CC9E23BD9DADE9860A35F314AAEDBDADA31F98DE8EFD46
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x86, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1197
                                                                                                                                                                                                                                                                          Entropy (8bit):5.822154442162251
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:STK1hyWwjx82lY2T3rVdFtlyJ3VCAzKGKxtA5D+3:NpNn2fAJ32VCK3
                                                                                                                                                                                                                                                                          MD5:AEF4F0E6AFF233517107739B1E9D0FA2
                                                                                                                                                                                                                                                                          SHA1:73B989EEDC37651874BB04EDFAA862DAEB810758
                                                                                                                                                                                                                                                                          SHA-256:0879DF0C6960F2D0685B480F63F872B3EC902B8A9C1D7220F82BE9C7DD059C9B
                                                                                                                                                                                                                                                                          SHA-512:BB7722072503EAC9189376FC89D09AC9B2E280B22274DD4152D27F94D8F6B9868F68BEFF15EE8936345148D7083700BF4EB8A2DB5AFB5ABF0ED545F893511094
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:......Exif..II*.................Ducky.......d.....2http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.0-c001 79.c0204b2def, 2023/02/02-12:14:24 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 24.5 (Macintosh)" xmpMM:InstanceID="xmp.iid:F9CC6211F18B11ED9B64D66787F5FE3D" xmpMM:DocumentID="xmp.did:F9CC6212F18B11ED9B64D66787F5FE3D"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4F49B216F18B11ED9B64D66787F5FE3D" stRef:documentID="xmp.did:F9CC6210F18B11ED9B64D66787F5FE3D"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..........................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 225x182, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2222
                                                                                                                                                                                                                                                                          Entropy (8bit):6.70529035336675
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:WjJdYbbCPn9fNLHy1C2Hy1CYmgOZGEQa24IkRB0KOc444YFVyVny8hhSB7tYqM:OJICJWCLCYm/QaBB0KYy8hCY/
                                                                                                                                                                                                                                                                          MD5:0FB4D03D63023FD1EDFC4DE383E70F02
                                                                                                                                                                                                                                                                          SHA1:515065D180BCEC28A73D6413329E964BA6FCF10A
                                                                                                                                                                                                                                                                          SHA-256:F34FDBCE54828BC7E5AA8B3C349998497BD81B4A201863ABFC76029B667CA89A
                                                                                                                                                                                                                                                                          SHA-512:AC9346F6CAF5C797F360D69F52494BD19AD28437F387E26560EB0ECBA0069E219D2119795219B0A0984456494AFACBD6CAA585B7BA2C6386A4028802609963BA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 225x182, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4980
                                                                                                                                                                                                                                                                          Entropy (8bit):7.579216161828146
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:hjaNVzDpfCD4KgggWJA0tMtyfnfnf0NNNNNNi99dy:lgBC5y00NNNNNNi99dy
                                                                                                                                                                                                                                                                          MD5:88A91EAC353B103C311670FAB20DEFB9
                                                                                                                                                                                                                                                                          SHA1:D7CE0DD8748D4ACE18D3AB9C6E83B4A0F22E364A
                                                                                                                                                                                                                                                                          SHA-256:1F66070944281FEDFE03E856419B0A70DA776AA9A00B5B7873AA38214465ABFE
                                                                                                                                                                                                                                                                          SHA-512:2244247313CAE77817297ADC9269DEF2B3A5D2EDA86F74EAE64CE0235426367B1A91E3A54764F3DE363278BB85403137B77E5D7C0B5F3D0DA6C3A4FEE27318A0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:......Exif..II*.................Ducky.......d..... http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.0-c001 79.c0204b2def, 2023/02/02-12:14:24 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:C7275612F18011ED9B64D66787F5FE3D" xmpMM:InstanceID="xmp.iid:C7275611F18011ED9B64D66787F5FE3D" xmp:CreatorTool="Adobe Photoshop 2023 Macintosh"> <xmpMM:DerivedFrom stRef:instanceID="D4C12271C32C73CCAEE11897934AFCBD" stRef:documentID="D4C12271C32C73CCAEE11897934AFCBD"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d............................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 225x182, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4980
                                                                                                                                                                                                                                                                          Entropy (8bit):7.579216161828146
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:hjaNVzDpfCD4KgggWJA0tMtyfnfnf0NNNNNNi99dy:lgBC5y00NNNNNNi99dy
                                                                                                                                                                                                                                                                          MD5:88A91EAC353B103C311670FAB20DEFB9
                                                                                                                                                                                                                                                                          SHA1:D7CE0DD8748D4ACE18D3AB9C6E83B4A0F22E364A
                                                                                                                                                                                                                                                                          SHA-256:1F66070944281FEDFE03E856419B0A70DA776AA9A00B5B7873AA38214465ABFE
                                                                                                                                                                                                                                                                          SHA-512:2244247313CAE77817297ADC9269DEF2B3A5D2EDA86F74EAE64CE0235426367B1A91E3A54764F3DE363278BB85403137B77E5D7C0B5F3D0DA6C3A4FEE27318A0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:......Exif..II*.................Ducky.......d..... http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.0-c001 79.c0204b2def, 2023/02/02-12:14:24 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:C7275612F18011ED9B64D66787F5FE3D" xmpMM:InstanceID="xmp.iid:C7275611F18011ED9B64D66787F5FE3D" xmp:CreatorTool="Adobe Photoshop 2023 Macintosh"> <xmpMM:DerivedFrom stRef:instanceID="D4C12271C32C73CCAEE11897934AFCBD" stRef:documentID="D4C12271C32C73CCAEE11897934AFCBD"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d............................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x182, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):376
                                                                                                                                                                                                                                                                          Entropy (8bit):4.575143497593088
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:mjPltlasluqnc2LBO8IW48MW1YlE7mMeB7Iv+QTT0GJqtbTv56WaVs8:2P+Ec2bF5nY7a+QTGtvvI9s8
                                                                                                                                                                                                                                                                          MD5:A029FD277C6B2ED18FC8EBC1B4ECC798
                                                                                                                                                                                                                                                                          SHA1:4F4F69BD5134C4903091D3EDD78118B39D38FF5F
                                                                                                                                                                                                                                                                          SHA-256:88C564BBF554D0C11E280AE89C31CF20669849CCEDB2BE8748A14B0F9982A70D
                                                                                                                                                                                                                                                                          SHA-512:B85D79D13EAB87C7810217387BA71878ACF0F30B5365F5131D320CDD97E290B5F1EC8E91DE3CB2D61B83508EB8570C924B065D61CBD1F4A154957F79E3BEEFCF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:......Exif..II*.................Ducky.......K......Adobe.d.................................................................................................................................................................a.................................................................T.......................Q.................?....QO....].m.b}9k..Y.......*......(..,....
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x182, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1290
                                                                                                                                                                                                                                                                          Entropy (8bit):6.095079726643481
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:STK1hyWwjx82lY2T3rVRFhlyJ3VjAHKGKRbRlj/Hk0RhV8XDDC1:NpNn2fAJ3TV9r/Hd3Vuy1
                                                                                                                                                                                                                                                                          MD5:D7A1A72BAAE377F8FE782775B543D1CE
                                                                                                                                                                                                                                                                          SHA1:0D3D7194A1CB623F51B96E82205A6383A6B1D597
                                                                                                                                                                                                                                                                          SHA-256:C200FDCFB3B360D3334948D987024B4F0E5852BE5FAE7CF72D38355F514216FF
                                                                                                                                                                                                                                                                          SHA-512:29A0A4A57BB2B983ECA78CD2813F54DA139FC4D7AF06481E758437C06795C352E86DA259A694C25AB6842B5A9166B30641980D9947DD503BFBA886AD463BD639
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:......Exif..II*.................Ducky.......d.....2http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.0-c001 79.c0204b2def, 2023/02/02-12:14:24 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 24.5 (Macintosh)" xmpMM:InstanceID="xmp.iid:F9CC6215F18B11ED9B64D66787F5FE3D" xmpMM:DocumentID="xmp.did:F9CC6216F18B11ED9B64D66787F5FE3D"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F9CC6213F18B11ED9B64D66787F5FE3D" stRef:documentID="xmp.did:F9CC6214F18B11ED9B64D66787F5FE3D"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..........................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=3, software=Adobe Photoshop CC 2018 (Macintosh), datetime=2018-06-07T07:02:37+05:30], baseline, precision 8, 12x12, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1806
                                                                                                                                                                                                                                                                          Entropy (8bit):6.50616189908203
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:nxh64knSn2iC1E2T3J32gPVJZ1sNvTjXfvmZt:nxTknS2iC1fVJolnfvIt
                                                                                                                                                                                                                                                                          MD5:25E3BAA2411D4E70FC6B407427651B86
                                                                                                                                                                                                                                                                          SHA1:C29D3BDF21A8CCAF218107D117D48F15F6B1004D
                                                                                                                                                                                                                                                                          SHA-256:9BF964CC3D70BD4589AE9AE1FD65D459E9DF7DA93A314BEBA71CA169C04CB55A
                                                                                                                                                                                                                                                                          SHA-512:6DBA4C73C3D8FE1CD92252D14981FD75E26FA581A89E1F3929E8E6B68F5528754E20C8E597FDD3F4F7028780FADFEFB9A3C4279CD581337D1BEB87E49CA4BA85
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:......Exif..II*.......1...$...2...2.......V...i.......p.......Adobe Photoshop CC 2018 (Macintosh).2018-06-07T07:02:37+05:30...........0220........@.........................................Ducky.......K......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c140 79.160451, 2017/05/06-01:08:21 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2018 (Macintosh)" xmp:CreateDate="2018-06-07T10:22:47+05:30" xmp:ModifyDate="2018-06-07T07:02:37+05:30" xmp:MetadataDate="2018-06-07T07:02:37+05:30" dc:format="image/jpeg" xmpMM:InstanceID="xmp.iid:0F047A34624311E884A2BCEA0DBA9CB0" xmpMM:DocumentID="xmp.did:0F047A35624311E884
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x65, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):388
                                                                                                                                                                                                                                                                          Entropy (8bit):4.298614456440593
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:mjPltla6QzDkmB9mMabH0tEetfitHJlJUXE6bvWJimH:2P0DkzRUBtfitVUXE8vMiM
                                                                                                                                                                                                                                                                          MD5:728838B59B34B11FFB04F0A696826DCE
                                                                                                                                                                                                                                                                          SHA1:95EBEF0CFEA4429E5708D2DF2AADFAAB14E857EB
                                                                                                                                                                                                                                                                          SHA-256:ABECC99F18DF9E07BE988F9F425F373035AED82E56B24B2F03EFF001A2C252F9
                                                                                                                                                                                                                                                                          SHA-512:C3F3B187D4028ADF1EBFE5AEF6C7EA5DBA3DC9BEA4C5E217FDA75B45B1757A6CC4D0D108E32C926BDB9967C708675922A74107444CB8AEF2EF3E607AD0665627
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:......Exif..II*.................Ducky.......d......Adobe.d.................................................................................................................................................A...............e............................................................Q....a..R......V......................!............?...........qm......L!p.3:cJt......0. E...@.p.T:....
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (4179)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):201580
                                                                                                                                                                                                                                                                          Entropy (8bit):5.535852848659529
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:Ujq+71vbzwHnHnF8cnp2LUF1eKPyUF722gY8pv1HkreiJ:oq8wH/zZ722v8pNHtc
                                                                                                                                                                                                                                                                          MD5:1B6116B1FB5B9224776BD515E1708B1D
                                                                                                                                                                                                                                                                          SHA1:82BA565710DC172476FEBE1B20ADA758B2D151FF
                                                                                                                                                                                                                                                                          SHA-256:1E615BDA5DFF023DF4D4BD9AF3DA6DF5B575326F11316F9C04EB559F7052B282
                                                                                                                                                                                                                                                                          SHA-512:C8C0D02AAA2F7D131C8F52059396C662B050F9C8F5686EF566CEF7CD7A2B92363E9556918EFD57952C2C5003A270777C0B0D01AEDDD5DB307B16513D6A1F4F08
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"}],. "tags":[{"function":"__ogt_1p_data_v2","priority":2,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_autoEmailEnabled":true,"vtp_autoPhoneEnabled":false,"vtp_autoAddressEnabled":false,"vtp_isAutoCollectPiiEnabledFlag":false,"tag_id":6},{"function":"__ccd_ga_first","priority":1,"vtp_instanceDestinationId":"UA-46722188-1","tag_id":9},{"function":"__rep","vtp_containerId":"UA-46722188-1","vtp_remoteConfig":["map"],"tag_id":1},{"function":"__zone","vtp_childContainers":["list",["map","publicId","G-50QHRC9E7B"]],"vtp_inheritParentConfig":true,"vtp_enableConfiguration":false,"tag_id":3},{"function":"__ccd_ga_last","priority":0,"vtp_instanceDestinationId":"UA-46722188-1","tag_id":8}],. "predicates":[{"function":"_eq","arg0":["macro",0],"arg1":"gtm.js"},{"function":"_e
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (5955)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):299883
                                                                                                                                                                                                                                                                          Entropy (8bit):5.564139131183439
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:MK4agnq+71vbzwHn239M38rnp2LUF1eFS+MCY55CgY8pv1HgunLP/w22uaoa/on:B4Vq8wH2tPnVL55Cv8pNHggLn2uj
                                                                                                                                                                                                                                                                          MD5:624F4A74D18D448D73A89A6E96AF2301
                                                                                                                                                                                                                                                                          SHA1:BD60D36558259342F8D76D6B8F0EFE6390B880DE
                                                                                                                                                                                                                                                                          SHA-256:60C0E9F20511498704612691CFC2933A6E0056D55AF66D7A0916DDE6683C7740
                                                                                                                                                                                                                                                                          SHA-512:C3A729E2DF1D9801B67C38814EB8CDE3CE3AEF90FEC2F6BBEC3EFD4719145D66260BAEA131B9A3AF6839CB014F0366A18CADF73E86BC214347030E13786ED6CE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_1p_data_v2","priority":14,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_email
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):71
                                                                                                                                                                                                                                                                          Entropy (8bit):4.724487268801714
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:CslVHxl7/lXlZh3uE1C1bn:NlXlh1Q
                                                                                                                                                                                                                                                                          MD5:C1C6B9A2DE0F4D29A5895091D7EA3ACC
                                                                                                                                                                                                                                                                          SHA1:2DC3D63EDDBB032B124BA73DF02AFD34D3DF2698
                                                                                                                                                                                                                                                                          SHA-256:2A2C71D2FC12C1FF712FE23C46B3110F5C0C63ECC10DC689E1EFDF6332E2E06D
                                                                                                                                                                                                                                                                          SHA-512:956537BE2C60F95AE35F760CA76A97D6A71EC8E3EB5DB5D435B7386B961840A2D6A224ED662070E8B3760CE97C113D3E4EFCB2182886627598C4084548783EB2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 170 x 59
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1591
                                                                                                                                                                                                                                                                          Entropy (8bit):7.56120281147269
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:bsR0ml5xEac9A4temQvlPzBwS/cqWdDERf4cbZAaovpn1A70rtwjs1:bEl5xEac5exl3vuIfJbZAfvJ1AwKju
                                                                                                                                                                                                                                                                          MD5:14A9661DD7FB5C2871E1CA65EA7ED270
                                                                                                                                                                                                                                                                          SHA1:E92FC71EED4B59A6659FB35624F0CD7E627003E9
                                                                                                                                                                                                                                                                          SHA-256:604ADC5BCD9A6C5619C991D2F71C2AE8D190AA07EAE40A25D4D65DF6C45BDE59
                                                                                                                                                                                                                                                                          SHA-512:BEAFB1991FFB35FF5D9C5BD62CAAB67B97F99463E528CA4A3E62227B9F0BF2B2207E5AE01E02702DA1D39F769D47E7B10B517F730ED21B6C3588C56DF944ABBC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 165 x 41
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3034
                                                                                                                                                                                                                                                                          Entropy (8bit):7.712239281715832
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:vitTzdAIM9e2zuvxSfqQNn2xAtJ3zL868lMCIHLnfAishfp465lLQoY:qtJAIye2zuZSyY2Ig7enY3ftEX
                                                                                                                                                                                                                                                                          MD5:274A21F4F92464723048FD984A6ADE70
                                                                                                                                                                                                                                                                          SHA1:F95C6EB3F3EA684005270363D9E4F9DA50CC5C49
                                                                                                                                                                                                                                                                          SHA-256:4F9E168B64ED1609CCB0DCA55A7AE86AED4C1D569A21BDDFCDA2B2CDDBB7DC50
                                                                                                                                                                                                                                                                          SHA-512:198FF0FF72C300ACC6292C96B898BD74E1BD5F09756A68A44E9AC2AF40960EF6F412F4C6A37B71353762F07AF10EECEC8D11D2AD3082BC8E99ADF2774E1242E1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 165 x 41
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3034
                                                                                                                                                                                                                                                                          Entropy (8bit):7.712239281715832
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:vitTzdAIM9e2zuvxSfqQNn2xAtJ3zL868lMCIHLnfAishfp465lLQoY:qtJAIye2zuZSyY2Ig7enY3ftEX
                                                                                                                                                                                                                                                                          MD5:274A21F4F92464723048FD984A6ADE70
                                                                                                                                                                                                                                                                          SHA1:F95C6EB3F3EA684005270363D9E4F9DA50CC5C49
                                                                                                                                                                                                                                                                          SHA-256:4F9E168B64ED1609CCB0DCA55A7AE86AED4C1D569A21BDDFCDA2B2CDDBB7DC50
                                                                                                                                                                                                                                                                          SHA-512:198FF0FF72C300ACC6292C96B898BD74E1BD5F09756A68A44E9AC2AF40960EF6F412F4C6A37B71353762F07AF10EECEC8D11D2AD3082BC8E99ADF2774E1242E1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 20x20, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1167
                                                                                                                                                                                                                                                                          Entropy (8bit):7.1691299774744905
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TurFBUbE3/R2p8bbWIwA80RxWB4Z0ee7YZs1u3:TpAvEpgNwapp8W
                                                                                                                                                                                                                                                                          MD5:648C66B11F03DEA636A51D6943D57D5D
                                                                                                                                                                                                                                                                          SHA1:8A31E7E26C5F410C034147871E06343A445417A0
                                                                                                                                                                                                                                                                          SHA-256:53FA813048C5434BA7B215B65F4489C64CB12DB3A7BD512A55146CBFACDCACA7
                                                                                                                                                                                                                                                                          SHA-512:756B7B061AB09E8D395777D5302D1411772EDF548FD04467156BACC6E9675ED9F8D3C9E41BE503352F75A4E067198478664258D8C1B306338E24F083E1861016
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 30x10, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):538
                                                                                                                                                                                                                                                                          Entropy (8bit):5.603527874127052
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:2P0DkPtbt7AwE6wBiwxHJkfUv9oYJyD78:TSfJwgwtJkfQH/
                                                                                                                                                                                                                                                                          MD5:A2A3A358FDB02CC927F425662F6D848C
                                                                                                                                                                                                                                                                          SHA1:32BBFA82FA6C94F54F171D2517A7322D866DE93F
                                                                                                                                                                                                                                                                          SHA-256:F88352E2A77061426221DE7336A52FD539C01528376B2A8CBF089568D5ACD5F2
                                                                                                                                                                                                                                                                          SHA-512:E7F92D23A1133533A51D50F4390938D6D323946D137274675B438E3D22E657A4A1B04F43B53D6C6E49657B4D894E5A59AE01F7ED895DD07CC78470CAA1247D3E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 149 x 43, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4694
                                                                                                                                                                                                                                                                          Entropy (8bit):7.859640539603329
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:8o7F52lNaoUFyphnhAfArGUCVEqQrETg8vCx262oK75bOri1:x7FathLCK5rc7vCw6PK7821
                                                                                                                                                                                                                                                                          MD5:58F2E2AF41A1C33F551EF8E7591E5C12
                                                                                                                                                                                                                                                                          SHA1:BF8A4AA980133F023A59D4426FBFBD96E04FFD7F
                                                                                                                                                                                                                                                                          SHA-256:C2EF8BE641D07899CA2B783C539C9C18FA241BC4C0CD63E68C627A58FAF03A91
                                                                                                                                                                                                                                                                          SHA-512:7FD8E6438A6BAD25338E3E6DD5B7E45F386353CCB91A26436CC91FCA27FC71C80427DAA4A13EA01A296323A4D5E8DCF9AD2DA046E65363C578B4AC8915AE983A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 19 x 19
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1467
                                                                                                                                                                                                                                                                          Entropy (8bit):7.137519210371142
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:iODlXjal1he91Wwjx82lY2T3ouVA/f7AO2yJ3V4Dm6MGY88g/jX+:jDl0qQNn2xiZtJ3U2L88mb+
                                                                                                                                                                                                                                                                          MD5:1CB6A22A886F722B38108E007C63685A
                                                                                                                                                                                                                                                                          SHA1:B0AD8CC02B97979B3662ACE517234B2362EAFD16
                                                                                                                                                                                                                                                                          SHA-256:98DA589DD362D8102EB52471F326A83192F8614CD433EF1397375F1271BAF158
                                                                                                                                                                                                                                                                          SHA-512:ABBB1E2127778B42545E8EBC4758FC861FE14DA1CFE93A49BFEFD26C36660D076176C4BB798813EF97690102CFDF29EBFEEBD149F538CC933ECFADFFD3668DEB
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 48x22, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1775
                                                                                                                                                                                                                                                                          Entropy (8bit):7.522889566965441
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:T0z0PqZa3KsGt9/+DwQQMx7E2LfgU7iNhUszFaA94+pzCxrkNpSqXRhQqLu6egbF:T89c3Kd9/+DwQQMx7v1an5a+BCxYFL9
                                                                                                                                                                                                                                                                          MD5:451F6FC1171865C13AD30AFBC11FB5A6
                                                                                                                                                                                                                                                                          SHA1:CC9BA2078A71FD8E7DA7AA9E4C404D54ECF6F9BA
                                                                                                                                                                                                                                                                          SHA-256:62541C364D6A4C039DC39B7BF80C9D80A483DC300E9B3254382E73EF6B444855
                                                                                                                                                                                                                                                                          SHA-512:53968ACA7A4B3B214ABA56C1C83C30AF0F27D88D61CAA00B5525CC7A40F8022C66355CC89D193AD3EFBE2536790A89639A383CAFCEBA1F28F82351C0A00F3DD7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 35x35, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2719
                                                                                                                                                                                                                                                                          Entropy (8bit):7.710115400650536
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:Ti4UHClcGxJyXNij4wxBZ/0/U0PoZ+/FhiAoWhfp8t07vyHlNySbiaJpE1paLN7n:TwHClcKUX8hd/0sSHdhzoQxOL8aJICNz
                                                                                                                                                                                                                                                                          MD5:F6CB2568B2A04A2EE14456C5AD3C3E3D
                                                                                                                                                                                                                                                                          SHA1:D8F3F49ACC7411D4B09F2A5D8D3E0D877B09FF18
                                                                                                                                                                                                                                                                          SHA-256:523669DE924BB139AFB42913AB2838FE1C822B47A0FF68490A622CE7D7AD3422
                                                                                                                                                                                                                                                                          SHA-512:6494C748D2E1C30ED87EE2006454C3844FE39455712A5684AAEF8243AFDE24C0F7A3CA23D5A06F6666535EFBC6CAEF3BF39AAEE79BE2DDE3153E64ED83E5F388
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 35x35, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1403
                                                                                                                                                                                                                                                                          Entropy (8bit):7.340210991905992
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TivbmEc9ehWxKwvvlr3lXt60xfvRe6Cqilor6lkwLQlR4qn8:TizmEc90fwnF180ZvDC76rKkLTLn8
                                                                                                                                                                                                                                                                          MD5:1E646DC662162EB1A039561C5D3B8E3A
                                                                                                                                                                                                                                                                          SHA1:A9996C744ECC301F7F6CB24AAD9EE959205AE710
                                                                                                                                                                                                                                                                          SHA-256:BB3EA926E388CBB51AE6FDA3E3B8AB3CA2BFEBCBFC023E35908C141536390C34
                                                                                                                                                                                                                                                                          SHA-512:BDC473A1967BF81F8A6728C936EEBB9648C058777FF9220852C8E89DEA4C633321271D0DDCB9195CD643FC37C13063D94843085CB0423AC0788F800CD7F1BA59
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (19015)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):19188
                                                                                                                                                                                                                                                                          Entropy (8bit):5.212814407014048
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:+CbuG4xGNoDic2UjKPafxwC5b/4xQviOJU7QzxzivDdE3pcGdjkd/9jt3B+Kb964:zb4xGmiJfaf7gxQvVU7eziv+cSjknZ3f
                                                                                                                                                                                                                                                                          MD5:70D3FDA195602FE8B75E0097EED74DDE
                                                                                                                                                                                                                                                                          SHA1:C3B977AA4B8DFB69D651E07015031D385DED964B
                                                                                                                                                                                                                                                                          SHA-256:A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
                                                                                                                                                                                                                                                                          SHA-512:51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=18, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1], baseline, precision 8, 1x18, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):7714
                                                                                                                                                                                                                                                                          Entropy (8bit):5.141118214705623
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:Ajw0jy76r7Uy4lyLJQXPYsPxDTy7roknmWWPhWMHi20CYZ5KSt:AjwElrQy4lH5tgoknYt6KG
                                                                                                                                                                                                                                                                          MD5:FBF6ED41ECD861C84823F1BBBA07744B
                                                                                                                                                                                                                                                                          SHA1:43B63911B2D2A8C213F5BDD790E31493FE8E777D
                                                                                                                                                                                                                                                                          SHA-256:A46661345D614585596BF6F90040E5F23F9F8EC972C68710A7A039E694202804
                                                                                                                                                                                                                                                                          SHA-512:85315348C4DF8CA326D4FB7CB30844943BCA975BF90E885C9154B45FAEB20C9257AFB125E9283F22C90662912B23F8D32F5A99F0B7272A127C74AB6648FAAE18
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x18, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):378
                                                                                                                                                                                                                                                                          Entropy (8bit):4.196251415229742
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:mjPltla6QzDkmM7mMYeltl4Xbr/tqnl3uL84Q:2P0DkwLeOhqmHQ
                                                                                                                                                                                                                                                                          MD5:9E01ADC911F22CB55A3354628D76CFFF
                                                                                                                                                                                                                                                                          SHA1:11C05794DEFC548B65FCD337334133B70361EC24
                                                                                                                                                                                                                                                                          SHA-256:895CB1340C1983EB29521571130D314007CA1BDD22609EECFD014E3C72851FB6
                                                                                                                                                                                                                                                                          SHA-512:8AB3DA408CD299420BE550409A33B1FF05BBA2CFC295FBE71DEF803C1BFDC92825A784B087E8F10F293FE73E82B10410F47D26CF4E4CD8B6382264D1180E00DD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 13 x 16
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):551
                                                                                                                                                                                                                                                                          Entropy (8bit):5.87342736454032
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:YSS4SReFjrZDRUHHsxcANQykPx0ypj2LhJpRV7cYWoMzqtrqEy+VddlcTTE8KE:Y5ReFjrZN6sNHZlnuf+Zl4Trn
                                                                                                                                                                                                                                                                          MD5:110C585BC7A07A0747C607159D24D257
                                                                                                                                                                                                                                                                          SHA1:2F61355EBA1C3F5409014313571B649FC71AF795
                                                                                                                                                                                                                                                                          SHA-256:0BE17C8C59610EB8BD679BBF47993C7050F1A7DEA1A81853464017CA34687192
                                                                                                                                                                                                                                                                          SHA-512:4DAF39C5E678F1A25F103E1BA99A175318C2CE05FFEBC38BD75889BA5EBFD8A23C97BF5FC28BF2D1AB2CFD2C467DE5314BE1D63A870B663FCD8F06131F663BD7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 270 x 30
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):5678
                                                                                                                                                                                                                                                                          Entropy (8bit):7.721980116823742
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:4PLLZzYnGS/n1EWWemzK2Lr1PrVkA2aIiDTdE0O9DWOnY5KXiZJhny:qLZzch/nuWJGK2LrJBr2aIiPgBWIofC
                                                                                                                                                                                                                                                                          MD5:2E25ADE0B5B2B10DBFD8A870C2D1B1A1
                                                                                                                                                                                                                                                                          SHA1:810612CFD1718229D822EFB423DA90A7AB0396A1
                                                                                                                                                                                                                                                                          SHA-256:471802376C0205918798B6D3DDE1D6742901B85D23906883BF6D1C1C10CAC079
                                                                                                                                                                                                                                                                          SHA-512:AA2624A2207C2E604F919D98093999B726633E01AA201C08389B9B26BAA3D33E6FEE301EA6806ECA26C6FE2CC4CCBC6527BCCBDE8C8055B79270E1140191D0BF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 1 x 9
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):51
                                                                                                                                                                                                                                                                          Entropy (8bit):3.7126540301661213
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:CcqmRWD/xl7/l/nKkb:smRGlMq
                                                                                                                                                                                                                                                                          MD5:DE49B10E3CC222F7D18343BDAFA8DC1E
                                                                                                                                                                                                                                                                          SHA1:0D6BD14D98CBCBCD6034C9573DF70C1259993B2D
                                                                                                                                                                                                                                                                          SHA-256:DB5DE1B49CC58A8C029888C9DFDBC3C902163AE32001D0A14815620FC759D1B0
                                                                                                                                                                                                                                                                          SHA-512:6B55700CAFAD74FE17EE3AD09DAB39D73DBCA1F7A646D38E61401A91225A79487A57C3C1788DD75FF0C6569C7252F65F49ABF1E5166F4F7440634C1E0F518B6E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 9 x 9
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):169
                                                                                                                                                                                                                                                                          Entropy (8bit):4.988495305925352
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:CMJLbaCY/dsKeXE3EhSl8JfiaaOLzl7/lY2UGVcn1sBFe1FHsksonle:/xbdZKuE+J6aaOPlyG6nbE
                                                                                                                                                                                                                                                                          MD5:89CED3FB0DEADC9E11DB44ABD6C322D8
                                                                                                                                                                                                                                                                          SHA1:85D0DCB88E51E7E086BC5D94B8987C788E502C93
                                                                                                                                                                                                                                                                          SHA-256:CE4B40403749F12AC68BF3460A6BD56A160519F50D1A37F13666A174FD064138
                                                                                                                                                                                                                                                                          SHA-512:FCADAE3404AA4D59D0943EA6FA4144DE72C9DF73D5D95840CA159B027C651959064EF87A0715BB5FF0F81360E8CD7758691733B6F010989591C4E22148724A39
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 9 x 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):51
                                                                                                                                                                                                                                                                          Entropy (8bit):3.7666714321693266
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:Ck0o8R/l7/lRhlen:XWlbe
                                                                                                                                                                                                                                                                          MD5:6D887D0D15161B2CAEEDFD48F4F25DEC
                                                                                                                                                                                                                                                                          SHA1:00958B93857DA0AB37241027AA9F74D4F470F320
                                                                                                                                                                                                                                                                          SHA-256:501A64844D26B44552936517694DD886D59C33131028465C3489C08068922B96
                                                                                                                                                                                                                                                                          SHA-512:5872299230FCD13BE1A2D7222E1F46EB5C841D4A6CF89C323FF8FFEED645BFCF486C4E30FF459563F5DA368ABDC62CB721FF87618BAD972244A03BDB813A25B0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 9 x 17
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):181
                                                                                                                                                                                                                                                                          Entropy (8bit):5.3750238557849395
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 139 x 40, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3220
                                                                                                                                                                                                                                                                          Entropy (8bit):7.75844977383581
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 35x35, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2708
                                                                                                                                                                                                                                                                          Entropy (8bit):7.71117668408159
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 35x35, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1338
                                                                                                                                                                                                                                                                          Entropy (8bit):7.304771537139327
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 6 x 97
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):248
                                                                                                                                                                                                                                                                          Entropy (8bit):6.266950040198473
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x19, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):326
                                                                                                                                                                                                                                                                          Entropy (8bit):4.094943205371178
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x19, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):326
                                                                                                                                                                                                                                                                          Entropy (8bit):4.094943205371178
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 1 x 8, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):118
                                                                                                                                                                                                                                                                          Entropy (8bit):5.323569255079672
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 8 x 8, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):225
                                                                                                                                                                                                                                                                          Entropy (8bit):6.434454506015953
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 3x187, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):430
                                                                                                                                                                                                                                                                          Entropy (8bit):5.201190563126312
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 15 x 15
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):310
                                                                                                                                                                                                                                                                          Entropy (8bit):5.744801197327992
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 13x23, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):515
                                                                                                                                                                                                                                                                          Entropy (8bit):5.436133963274301
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):923
                                                                                                                                                                                                                                                                          Entropy (8bit):5.822546307840737
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 49x49, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3402
                                                                                                                                                                                                                                                                          Entropy (8bit):7.59214478858952
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 13x13, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):559
                                                                                                                                                                                                                                                                          Entropy (8bit):5.677863160118538
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:2P0DkTRpWbgxtQP8HYGYmNGvO6Q7TDrJL8q:TmabP8HYPT26Q7Teq
                                                                                                                                                                                                                                                                          MD5:AD7D101CF1B37B64595E93918DC94BD6
                                                                                                                                                                                                                                                                          SHA1:D6BFCD264766B6C062185D430ECEF90A6E56F191
                                                                                                                                                                                                                                                                          SHA-256:E4B4BBFCED85C9B732550E1E62342B079DF9325628775331B6279EAA85B74117
                                                                                                                                                                                                                                                                          SHA-512:C771E9F0E9FB7692FEAD6FF4628804FC87674DB4A1CA226B94D97EC1E43154A31BADA536CF7D31A0B5E29CF2E240AF0FC0D6F79BC50599C8D8F8979C9AE0065B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 19 x 15
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):114
                                                                                                                                                                                                                                                                          Entropy (8bit):5.483623676444322
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:C4nlsAOVVdzl7/l7m8tJO3m0q3RKIFoHen:alc8tJO3Zyeen
                                                                                                                                                                                                                                                                          MD5:1DB07FAEE908D9CD67BD77F15FAC0455
                                                                                                                                                                                                                                                                          SHA1:87E9C66E69702C62715A6CCECF622D15C45CDE78
                                                                                                                                                                                                                                                                          SHA-256:F357760F0DE51A5096880E788779C00A85D4F2A3EFA500328FAF20EEC23009D3
                                                                                                                                                                                                                                                                          SHA-512:1874D9778345162F8F151032CD34E71BE4181233789D47E0E5A8AFBDE23A9339CF0F927F51F1300B3DAECE2E8871280A1C07B7AAF24A560FF63B6040A06EE667
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 56x38, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1531
                                                                                                                                                                                                                                                                          Entropy (8bit):7.5283251139096565
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:WjJdYWjcsWSXGvM/q3WLd7YFhya3QSJmXoiiYjUHD5obdk7Kydk:OJMqGvhWLdCf3QSg7ai+w
                                                                                                                                                                                                                                                                          MD5:ADB1F1AB6EE79C03CDF5E011ECECADBC
                                                                                                                                                                                                                                                                          SHA1:670C7A07DF899014DE02D14BE1BFEEC2644B78C1
                                                                                                                                                                                                                                                                          SHA-256:03395440905B3CB1E7B05D28ACAA97B78C6F2D1122EBB253C54957519E652010
                                                                                                                                                                                                                                                                          SHA-512:4F1E9CC25D6251BB3787A32D14EC303A2194A7B90819623A87D54291EA39508D3BB0F820DC53D391EFCAF4D7B86855F407C8A74D6E3B1EBD55F97F20B9F6EF27
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x36, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1196
                                                                                                                                                                                                                                                                          Entropy (8bit):5.8839099181183645
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:FK1he91Wwjx82lY2T3ouVMar2iyJ3Vtr1GKeiLXZ:SqQNn2xGk2JJ3v1Vjp
                                                                                                                                                                                                                                                                          MD5:AFFC4A4282CF71763374E9DCC8C1E90D
                                                                                                                                                                                                                                                                          SHA1:412C896B18023E8DA834A59656B3A413779D3508
                                                                                                                                                                                                                                                                          SHA-256:EC632F705006875DE073401A4FFCC58C0F80C4E61313965B90BD1C903662BFC7
                                                                                                                                                                                                                                                                          SHA-512:EE4423A1E89DA13D4199922D7F9376C13483717DD9443BEC81DFD74A452970D7AD14B997A405982A691100E7CA6F8BB65E67D9BE637638A80DD1E30B68736F70
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x36, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1196
                                                                                                                                                                                                                                                                          Entropy (8bit):5.8839099181183645
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:FK1he91Wwjx82lY2T3ouVMar2iyJ3Vtr1GKeiLXZ:SqQNn2xGk2JJ3v1Vjp
                                                                                                                                                                                                                                                                          MD5:AFFC4A4282CF71763374E9DCC8C1E90D
                                                                                                                                                                                                                                                                          SHA1:412C896B18023E8DA834A59656B3A413779D3508
                                                                                                                                                                                                                                                                          SHA-256:EC632F705006875DE073401A4FFCC58C0F80C4E61313965B90BD1C903662BFC7
                                                                                                                                                                                                                                                                          SHA-512:EE4423A1E89DA13D4199922D7F9376C13483717DD9443BEC81DFD74A452970D7AD14B997A405982A691100E7CA6F8BB65E67D9BE637638A80DD1E30B68736F70
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 12x36, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1781
                                                                                                                                                                                                                                                                          Entropy (8bit):6.998674608255233
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:SqQNn2xtgrJJ3DNXVa/RIgxtFJZJBh6PwM95o1:bY2QVa/RImpbiPrQ1
                                                                                                                                                                                                                                                                          MD5:13C0424E857344B8D560D2856F848FFA
                                                                                                                                                                                                                                                                          SHA1:0CBB55D91A1D9B5B86AC3D560C58D1ED56DF85E4
                                                                                                                                                                                                                                                                          SHA-256:461C1A406626D2FDA6A4EBDC4C8A055BECD974F0AEE80C8A780010899F78B45C
                                                                                                                                                                                                                                                                          SHA-512:D8B88F0AFB6CD16BBB5868C3FC07E0DE3DE345EF43BE9DE9E45DE4364C6F1D8CAAC9D864ABC15990BAEE095F76F5C838F911EF10AE32AB343E34E67D3D1B09C7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x36, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1286
                                                                                                                                                                                                                                                                          Entropy (8bit):6.170804951830396
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:FK1he91Wwjx82lY2T3ouVqkyJ3VhzPGKei/li+jvH6cKEEb:SqQNn2xUJ3PzVXAKvH6N3b
                                                                                                                                                                                                                                                                          MD5:06F58DF546F36BE7D12A1439B5CDF363
                                                                                                                                                                                                                                                                          SHA1:83919F670C1F60AE8F4CA684712ED05D920B333C
                                                                                                                                                                                                                                                                          SHA-256:0196E4EE3BE192133101A11F10BA0D5E23158EC387B53C4B49F41386ED27AF0E
                                                                                                                                                                                                                                                                          SHA-512:377FF49956E0ADCA4822C5EA5BC30B4CE817C07AEE17DE2F25998D6B3657AFF09266BDD12A4EBF3C5033AEAE9BCDB5BDC9B0D5E69F24B260EF1492735BFBEA29
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x36, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1286
                                                                                                                                                                                                                                                                          Entropy (8bit):6.170804951830396
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:FK1he91Wwjx82lY2T3ouVqkyJ3VhzPGKei/li+jvH6cKEEb:SqQNn2xUJ3PzVXAKvH6N3b
                                                                                                                                                                                                                                                                          MD5:06F58DF546F36BE7D12A1439B5CDF363
                                                                                                                                                                                                                                                                          SHA1:83919F670C1F60AE8F4CA684712ED05D920B333C
                                                                                                                                                                                                                                                                          SHA-256:0196E4EE3BE192133101A11F10BA0D5E23158EC387B53C4B49F41386ED27AF0E
                                                                                                                                                                                                                                                                          SHA-512:377FF49956E0ADCA4822C5EA5BC30B4CE817C07AEE17DE2F25998D6B3657AFF09266BDD12A4EBF3C5033AEAE9BCDB5BDC9B0D5E69F24B260EF1492735BFBEA29
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 33x36, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2599
                                                                                                                                                                                                                                                                          Entropy (8bit):7.426589219447669
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:SqQNn2xaJ3qlkVm4FW0UYfPOHPVVTHD0XgMm7u0nlSSvlL:bY2vSVm4FWn+WdrMHolnL
                                                                                                                                                                                                                                                                          MD5:6787C32225013100B06C8636EB2ADD69
                                                                                                                                                                                                                                                                          SHA1:6A622D3B240936144FDAAA0CECD7DE7D8EF865E3
                                                                                                                                                                                                                                                                          SHA-256:DC20C242781186C1B46BF38CF818F3FBB0A3CCBEEA2EC591821E1E48C99CDBF0
                                                                                                                                                                                                                                                                          SHA-512:5A9BAD6A3A035AD2C7BBFFBF0686222EBFD15831CCC9BD794E9E9B51F2E20A10531FD91DEDE35BF1B9DE1F2448AC305A49490AED9D5D27DBDBF571ADE9366F49
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 367 x 290, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):60729
                                                                                                                                                                                                                                                                          Entropy (8bit):7.989519888489715
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:8SZ7gbQuSsATq+IjYV2WumBN/IOGCIHNgbsm3rnbPH:8Sx/u3ATqlM/uQNQd9O3bj
                                                                                                                                                                                                                                                                          MD5:320210B5F84FCE242C9250F8A66C77D1
                                                                                                                                                                                                                                                                          SHA1:0F516D121F16F3FD36594D98C729220795C8F6EB
                                                                                                                                                                                                                                                                          SHA-256:6993F0C68486979DD7CC85315932B0AB2318E0B0AC28BAB622A8784042B6E03A
                                                                                                                                                                                                                                                                          SHA-512:852CF725DB3BF729BA3629D450FA93300B587F8AB2E70235142E8BDE384F3C66B58B93A3F054D5DD5F99354BB5BAE6C36D5D3595E87FA3E6CA8B9EE7EB2FC5B8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 34 x 34
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1373
                                                                                                                                                                                                                                                                          Entropy (8bit):6.907640092018207
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:8oBaaetJlB0sblMiYmUAA2+VpdD0xdGRyOQZSR9yFysTHOed:mnlB0wlMimdITw7+Q96ysTu8
                                                                                                                                                                                                                                                                          MD5:4779147333E0FC7C4E4E1246992CBB96
                                                                                                                                                                                                                                                                          SHA1:3B63BE5EC722349046085669102AAADE4BCC7123
                                                                                                                                                                                                                                                                          SHA-256:CFB8A9903AEDF94DC169FD7168DB8035BBE333C37406DCF3E4C0F12F4E7EACCA
                                                                                                                                                                                                                                                                          SHA-512:7EFE9E8DE74DA3B6897BAF1A803955095F40BDEECD86435C328AC79BA2F74B1C2FB5869376AEAB4A72E392DBA643DEE154412669FDD24AFF75719ACC6008B224
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 166 x 53
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4133
                                                                                                                                                                                                                                                                          Entropy (8bit):7.829445839884689
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:2eLaQhx1f3wiw1eMdEISTbq+D0T6lvTS2euC:LOoz28JIST2A0TKGuC
                                                                                                                                                                                                                                                                          MD5:10EAEC1445E0F0076343D197BAFB31E4
                                                                                                                                                                                                                                                                          SHA1:67634F29BEBD2298C481BAA352055BAB265470E7
                                                                                                                                                                                                                                                                          SHA-256:2C5CC3C5647A732C874E03223B42185177AF0687A0F02F6DDA87EA9C416D9E61
                                                                                                                                                                                                                                                                          SHA-512:C1497BF3AFFB1FB1F0AB0360B914F7CE03833E7752A04DACB1A14BF3AC454114E1C7D9EEF3FF4699CF1FB2F73ABDDB45649C6331111B1BE9D47E04D10A4404C5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 56x38, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1294
                                                                                                                                                                                                                                                                          Entropy (8bit):7.421462665985397
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:lr9aWXrRtrsA02XLyhP4pbyxRdE0ZoudHMeO9ZHyOhvPuHE4QfWuivLTWukfhQm8:lrVNtp7yhq2x/E0U95yOMJHTvnWxfhQP
                                                                                                                                                                                                                                                                          MD5:1633635A2EAEA0A58512D6BA78D08F07
                                                                                                                                                                                                                                                                          SHA1:7FA6AC4D8A4D37B7B38726C4E41113AD6EF00B2E
                                                                                                                                                                                                                                                                          SHA-256:C55340A9667D0BA2827A3F0DD00AF0FD58A83FA27000FB31A7654AEDAD513BA9
                                                                                                                                                                                                                                                                          SHA-512:66B1D619B9B4AA1FC792FB74AC670F4BFA5E163B718FE7AC3E4142865A200825C0BB29C7A50022486B5985B39B97ABE8A93639CAA0DD9EF7625284C414974A2F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 210 x 10
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):278
                                                                                                                                                                                                                                                                          Entropy (8bit):6.468844918386133
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:/hmf0ut4TubMUSoZTgZ/l2Wu/he9EsR19fp7n7g+7aR5sGGn:/2teILMZ/K/he9EUL7a/sGGn
                                                                                                                                                                                                                                                                          MD5:DB42F12DA5A06EC33B7C4D057B922EDA
                                                                                                                                                                                                                                                                          SHA1:B5DA3BF429FCD8DD98F072B3EE033C958D06586A
                                                                                                                                                                                                                                                                          SHA-256:BA859EBBB36E4D1BE7423A8DAC831055745AD6F4D745CE52AD31E07BD974FAAD
                                                                                                                                                                                                                                                                          SHA-512:70E89367DEB91EC8F341AC64F1EC8DD54DAA2DF9F15A541C3DA001F5D683C5BE4198F80952CB8684479BDD22A826E096B479D09B69436804DEF69E4736D27069
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 210 x 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):79
                                                                                                                                                                                                                                                                          Entropy (8bit):4.38325913202526
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:CdHThYqOFzl7/lTkU2QLaFbFSn:8TkBlhsQLaFU
                                                                                                                                                                                                                                                                          MD5:D626A6C89FFD55872CC793483654F2CB
                                                                                                                                                                                                                                                                          SHA1:CCD125F5286876F6F1218C36F3B31C91E9B242F5
                                                                                                                                                                                                                                                                          SHA-256:B514FCCBACA6BABB6F6DFD28183DD660B348730677AB67ADD1EEA3F52EC94CB1
                                                                                                                                                                                                                                                                          SHA-512:3044308BF1A94777EA17B60F31F8DBEDFF53077D60591BD0D80D46B18B94448D9A6CD9AFA59D8101F9AEFB2884CA33B00863F772AF30A73CAF07D393A780ED7B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 246x43, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3287
                                                                                                                                                                                                                                                                          Entropy (8bit):7.161488799558458
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:mPPMdLlp0G+FVWjNth2QkkM9cttttttttttttt/:nwrVWjNtRkkMOttttttttttttt/
                                                                                                                                                                                                                                                                          MD5:D82D1AB5102E54214E5CEF91E4CB08CC
                                                                                                                                                                                                                                                                          SHA1:064AA78FAA67F837F028CE373583A2947EA7F0AC
                                                                                                                                                                                                                                                                          SHA-256:A289139FD4BE251965E6CB74E2C0B4DC7D9EEFAE413DA33358BBAA1D3D74F21D
                                                                                                                                                                                                                                                                          SHA-512:473C8CFDE778901E574D7C42427A37399957F846ED0814565A5E2461E5F1E5708BAF4AC1EDFC85BD09E8210BFADC465B262CACB19A8BD21CCB2A870713BC4E87
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 246x43, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3460
                                                                                                                                                                                                                                                                          Entropy (8bit):7.602208474352046
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:mPPf1bdh0pbpbpbpQ18onGRCrotVHX2PrEF:zVVVGjnNUPFF
                                                                                                                                                                                                                                                                          MD5:1EFA477832D951898F8AD2DD8EF1CE11
                                                                                                                                                                                                                                                                          SHA1:6D624B6147786C2073F4948744FE76526A694911
                                                                                                                                                                                                                                                                          SHA-256:286EFB4769909CB870690353CED248046316A694D3A817B8B697D1675CB574BE
                                                                                                                                                                                                                                                                          SHA-512:88F7FA51DD0B5E91B3E609A9158ABDBD10C8F7F7B007255C784B28C6FA85B30D984B15491771EA4CC78DAEE8AC5AA4CFBC98AF4F08DD4FB2AF2CA8D3B3AE21BE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 15x53, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1419
                                                                                                                                                                                                                                                                          Entropy (8bit):6.619701724268077
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:/tK1hI+Wwjx82lY2T3BkVjJX4jayJ3Vj3BqUJfGsvEn5N9om3BQdvl11phLvEkhL:/qWHNn2qHAhJ3dZJfG5Nat1/VEkqXa
                                                                                                                                                                                                                                                                          MD5:DD25EFBEC411B3EFA3B83F61F2EA0B08
                                                                                                                                                                                                                                                                          SHA1:67603529F92ACF8DF0A5978C2EEB88788893B806
                                                                                                                                                                                                                                                                          SHA-256:21EF450AF611D517A2FF634AA26BCBD3E62033D0751A476F01E5AC2AE17EC5CA
                                                                                                                                                                                                                                                                          SHA-512:F69D49C6ED8D03FF2F949D203C5AC2CF58E3666379934BC170E9A1F9D4691DD4A057A8BAAB6914EB6247B5C2B2546FF38278CCE9CC9C3CCC58A0FB50A0276C6A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 15x53, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1469
                                                                                                                                                                                                                                                                          Entropy (8bit):6.643691162514245
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:/tK1hI+Wwjx82lY2T3BkVqM3hyJ3VqmLk3YGYGsvEtfsiwxjPoduxoNMS:/qWHNn2qEEgJ3ECcYvwwJwdui
                                                                                                                                                                                                                                                                          MD5:E76644C4CF5658B2176D764284858068
                                                                                                                                                                                                                                                                          SHA1:2EA01603BE5CAB32C15578A04C43362E62712BBA
                                                                                                                                                                                                                                                                          SHA-256:B75AD0CD5B7DD7E0E57DC58E84382E4AC826CB49ECB7BD06010E5E92FE0507DF
                                                                                                                                                                                                                                                                          SHA-512:677B24DAC82D8A66CAA91B553AEE2DECD5853D7734E99422B9418C30654315C1D7F270A52FC037C2DE6FA8FD713131418E88C9FFD34C1CDF1A2F6C1790CC3128
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x53, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1232
                                                                                                                                                                                                                                                                          Entropy (8bit):6.180535719046466
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:/tK1hI+Wwjx82lY2T3BkVR/LaOyJ3VR+MtGsOcl3YfQB9d88:/qWHNn2qTzwJ3TX1O09dj
                                                                                                                                                                                                                                                                          MD5:CE495F2C88C485F9277A83567518D308
                                                                                                                                                                                                                                                                          SHA1:C412857C41DCF40AE9E7F9E6EF6F857151C6C35B
                                                                                                                                                                                                                                                                          SHA-256:ACFA950C9C9799DFB1010B8F4051B8F7F428D0C217A3DD94CEC4FBEA8FA75EF7
                                                                                                                                                                                                                                                                          SHA-512:C6893FFBDAC253EC6FECA060EB00586CDF0A3B1C60C45E78FDE6001174B1C03429295B87A09D46F53BA6B2F2D3FBED567D60FEF3820E24A7CFEF1994911E7774
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 15x53, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1617
                                                                                                                                                                                                                                                                          Entropy (8bit):6.787060816969051
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:5K1hI+Wwh82lYSKwSCf1EVANT3J8yJ3V7lGsvEIGZQlNystaLfJbtZ/YGPLHifsW:mWHvnL+EGdvJ3n0ulNRKfRtZ/nOkW
                                                                                                                                                                                                                                                                          MD5:65C1AB35DB520F52DE42031DB06475C3
                                                                                                                                                                                                                                                                          SHA1:D105F4DD16A01FB34226A4FA336A7392B5891CC7
                                                                                                                                                                                                                                                                          SHA-256:534C6C36173235DAC2A1E9E282E16A9CB5C3E917F01671EEE26558B5E417D47F
                                                                                                                                                                                                                                                                          SHA-512:2A4192E27253A204CF039598C3EF6E4DC095AAE0E1F88D1451DD4AE746CB9883688AE3E98249132238FC5DFA052BC9A4CD72C2FB82FB0C2A58A9FC61257F4086
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 79 x 79
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1301
                                                                                                                                                                                                                                                                          Entropy (8bit):7.478124670255349
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TuMHigBVwT/CjfrFZv9qev+zk6917eFsnm8GDyhGQaaBxfi5Swgle:KMnYYDz+zte8VBk8K
                                                                                                                                                                                                                                                                          MD5:918E19B2D624A9D4DB73D86F3B76BC2F
                                                                                                                                                                                                                                                                          SHA1:DE67CE22BBF59BCF606E9081E0159D0288566C3E
                                                                                                                                                                                                                                                                          SHA-256:6C7FFC0EB36282595BCD806064792E4ECE94CFADF7F35863046D517D20B9B519
                                                                                                                                                                                                                                                                          SHA-512:BA4C2F95C7803CA059B7ED4AC2241B266902DC3CC7173A76F4305E629BC449EBB0AC766FC00A84F0CC31F04A580B643ED90A4F2872C6EDA0773CD4D2B5072685
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3792
                                                                                                                                                                                                                                                                          Entropy (8bit):4.798325169067674
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:LL0o6T+5dtxbhDMLuXv7MuXo5/nXskKtTqeuX4T1bpfFLmmVbY1D1F6VspSJ45UE:/Z6CThDMLuzMu45Ps3LuIhvvVWxGJEUE
                                                                                                                                                                                                                                                                          MD5:91ED37B6B6D2E3291AC87760E50FB82D
                                                                                                                                                                                                                                                                          SHA1:8528AA1D8754A2571DC596637A59A02DD43F7369
                                                                                                                                                                                                                                                                          SHA-256:06FABC9B438889ACB519F95DA8D54DB895D6BA305C803C0747AAD3281B42E9CA
                                                                                                                                                                                                                                                                          SHA-512:933E8137201B636A52898BA8CB8A3FE0587D1BC4739F4ECE7B16873B379DA516CD6C0A8C2B48894DA64E4FBCF6A8CFDE543F1DCB3816A385B7A7D724A77D7EE8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:var baseUrl = 'https://rightbackup.com/';.$(document).ready(function () {. // Validate Username. $(".with-errors").hide();. let usernameError = true;. $("#txtUserFullName").keyup(function () {. validateUsername();. });.. function validateUsername() {. let usernameValue = $("#txtUserFullName").val();. console.log(usernameValue);. if (usernameValue.length == "") {. $(".with-errors").show();. usernameError = false;. return false;. } else if (usernameValue.length < 3 || usernameValue.length > 30) {. $(".with-errors").show();. $(".with-errors").html("**length of username must be between 3 and 30");. usernameError = false;. return false;. } else {. $(".with-errors").hide();. }. }.. // Validate Email. function validateEmail () {. const email = document.getElementById("txtUserEmail");. email.addEventListener("blur", () => {. let regex = /^([_\-\.0-9a-zA-Z]+)@([_\-\.0-9a-zA-Z]+)\.([a-zA-Z]){2,7}$/;. let s = email.valu
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 158 x 24
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2771
                                                                                                                                                                                                                                                                          Entropy (8bit):7.745433464707424
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:QcnYt0zewDDYTbdd1563IoOJImGEU3kkmWyw9OAzQK:SiewDcJI17mWywlsK
                                                                                                                                                                                                                                                                          MD5:AA72E6188919E2BF29983C7EA21211A5
                                                                                                                                                                                                                                                                          SHA1:E51C8AB983D8D283ED85147A020022D62D5FF89C
                                                                                                                                                                                                                                                                          SHA-256:32C84D6D200222750BDBF56000A67129D0005D75E6E9A96E88EEADD56018AF33
                                                                                                                                                                                                                                                                          SHA-512:BACBCE34122EAB9CE4C7BBF9F0F633DF4D1C5C4C286E9663C505850FDF1392DFA6DE5E1E3DFA8DCB1F4A5C85A4DF1CC7A76165D11C230764A0529B78EC3AA08D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 15 x 15
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):322
                                                                                                                                                                                                                                                                          Entropy (8bit):6.316826348216969
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:PJ9h3sRTcdYidxUOGJKjZv0GcOl9E61Vr2O5n:PJ9VsNiYKSyjZv0W7L155
                                                                                                                                                                                                                                                                          MD5:0481FC0A82C6D9E0B16A994109CD0006
                                                                                                                                                                                                                                                                          SHA1:64BBD24F7F39533E0B98D99C5B88F9596B9B16FA
                                                                                                                                                                                                                                                                          SHA-256:CF3F3079EA1B24C8393FD238C4BC1A11B353F8B484EC7CB3C5F4F8009D326AFB
                                                                                                                                                                                                                                                                          SHA-512:65B615F60243AF73DD711F50D0C9604AAB4430118B8E819F2C44066903E321141EC7849C56AD6F8D1F35528FA2A52597A59A71CB4BF42E34A6F4C58B07F54386
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x65, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):356
                                                                                                                                                                                                                                                                          Entropy (8bit):3.7511525303414515
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:mjPltla6QzDkmB9mMqtlDlW2t5/H3lClI6q:2P0DkzRrx/8Zq
                                                                                                                                                                                                                                                                          MD5:844A84E2CE8064ADFAADCCBBF988FD19
                                                                                                                                                                                                                                                                          SHA1:7D14B794EC95CE10CB2C835A10CB4E5C56A3119F
                                                                                                                                                                                                                                                                          SHA-256:1BC7E2AAC827863D813A7FEFB6C6ED538CCC6A56628B54AC8C83190A91B317FA
                                                                                                                                                                                                                                                                          SHA-512:A95281B618E32FE6E3163254F760DC291B103F3856446D056EFA0A4D2D4AEB7E4F33FE1AF6508C24789B59ED276EF1159E81C355C14EAE96AC940ABACFCBF960
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 15 x 15
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2096
                                                                                                                                                                                                                                                                          Entropy (8bit):6.765633264481736
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:KIaa5rz5GIpNn2W09IhKBJ3gg/L8Qy3Jud:L5f512D+GA3Ad
                                                                                                                                                                                                                                                                          MD5:2F30BABBEFC821976EF9676A286864D2
                                                                                                                                                                                                                                                                          SHA1:57B0F123B292DF8C582C2196202C87C4CA96EF2D
                                                                                                                                                                                                                                                                          SHA-256:DA88612300A158FC898EAC8F6324BA58F844AC9596D80A879FDB294DD9E71E8F
                                                                                                                                                                                                                                                                          SHA-512:F87E4BE62EF652BB6F68335E12E2DB6B8AD7D9A0646248E00E305590913F24F3496D8345CDE072F19D398BB8990104906015BEEBBDAABA70193D5AAD9D3AB360
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):78
                                                                                                                                                                                                                                                                          Entropy (8bit):4.54396255319831
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:XMzKXvwg3e18S4c4XrRdBBwgn:wKoP1D4c4XFD9n
                                                                                                                                                                                                                                                                          MD5:1D34886CBEAAEE1C4DAC496E0E7DAD1F
                                                                                                                                                                                                                                                                          SHA1:A06667C4E29DD56A9C42D625B36BE068BDB2D54C
                                                                                                                                                                                                                                                                          SHA-256:E7267B5F6D5351D9EA078326A31E7DA94768C6776264A8B4D4DE71CA203C61C4
                                                                                                                                                                                                                                                                          SHA-512:DC1C00D3C32AAB2249907AD61D96B54FDCECF59DAC0650D72AA40A75266C3E27BF036D7FD5999262F60210F99E92A07D7DB3C5B6652CAF05D3D15BB9B227EEA8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:Moved Permanently. Redirecting to http://www.rightbackup.com/getipaddress.asp/
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 136 x 135
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):10093
                                                                                                                                                                                                                                                                          Entropy (8bit):7.814952176854079
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:JCLB1d2Idn4VdtygI9AY4+6gTvKuqcpgCImj9ra5YX4Bac:JqBvtdnStyRX4+6q1fImj9rYYoBB
                                                                                                                                                                                                                                                                          MD5:7C53D144D160F40D6A8FAE21D5A73813
                                                                                                                                                                                                                                                                          SHA1:F1E372F624C9E5FF5D97F922767236B9B72888F0
                                                                                                                                                                                                                                                                          SHA-256:716AE891C070263B44D23D7D3D5C8D9341731AEBD5916020660F42E5DA7322D4
                                                                                                                                                                                                                                                                          SHA-512:27C22412EE0F82FECCADEDF9F9DCB4AB6EC0C7409A4C649180CF0497AE8527C8395BB200B3B68361A70536F5AF5BA541C1847A56EDE94525642A16ECA415D6A5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 8 x 40, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):192
                                                                                                                                                                                                                                                                          Entropy (8bit):6.355224619404955
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:yionv//thPlvvtcm4RthwkBDsTBZtH9AyfU1QNdl+YnDEaWvMAOvgposAbljp:6v/lhPD4nDspH7fOXYnDEa1ADosAbljp
                                                                                                                                                                                                                                                                          MD5:672C70122DA76E18A948290E077BC7C2
                                                                                                                                                                                                                                                                          SHA1:4EE6A30E03CFF600FD2E6AD9779B0F6281681ECD
                                                                                                                                                                                                                                                                          SHA-256:60575D936583C15466C674E7025AB167E943C3916F52FAD4A1B04E18A24E0DF1
                                                                                                                                                                                                                                                                          SHA-512:B4D14D357DB1FC8A6A70720C313A47045F5CD79567A76BF70AE38039433965588BC52006E1C2D6AB40D7FACBE8EB320CEED1A4B1A3CEB1ED593FC4934E75D307
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 132 x 34, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):981
                                                                                                                                                                                                                                                                          Entropy (8bit):5.9357836547919725
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:da1hNo7FCWwjx82lY2T3/VoecLyJ3V3SD0bGIDo/:d4zo7FDNn2DJJ3n7o/
                                                                                                                                                                                                                                                                          MD5:3CB8A1FB929D89701C25F46116F57B71
                                                                                                                                                                                                                                                                          SHA1:53BA73637E5052E2407464E44BC8CD8BA1E35E92
                                                                                                                                                                                                                                                                          SHA-256:5653DCD7DFBE01730B80FC18009D959B28DCF28DFD71F379A8AA57A73EBF1123
                                                                                                                                                                                                                                                                          SHA-512:C5837EA2FA220D4BEA337574C5EDB40516F68308EA30C389E509C28248F51F5EB3C891A3FC3CE3872A64AE6B015DD44043821BCCD179972CB4693C4AA97A3126
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 16 x 16
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1426
                                                                                                                                                                                                                                                                          Entropy (8bit):6.942859255318761
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:BkVal1he91Wwjx82lY2T3ouVq9arXyJ3VqOcreGY8ZF6FRC+:ZqQNn2xo9eCJ3o7eL8ZQu+
                                                                                                                                                                                                                                                                          MD5:88BFBC4F725B3680A7E4D4F9AD1C2CB0
                                                                                                                                                                                                                                                                          SHA1:5CB15DAE718080AE6CC7985CE932FE2E6C09C8F8
                                                                                                                                                                                                                                                                          SHA-256:073EB1D3B1528B14F8135370D36B6E5E06784771E3C995B5A67DA1EA5E41A130
                                                                                                                                                                                                                                                                          SHA-512:599D1D28556847CAC74BDE8BAAF3A3C9A37BA58610F14263AAB4BF9DADDF20D0398D22E7A21C334DE190DBAEC320284882CAE9492D3414E57756D98079BE035E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 225x86, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1410
                                                                                                                                                                                                                                                                          Entropy (8bit):6.1445270877091716
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:WjJdY7FhxmxpUtpUtpUtNngsvJWaaspnBUY7uvJY7oxxFFFFFFFFFFFFFFFFFFFf:OJcmxpUtpUtpUtpryuwxFFFFFFFFFFFf
                                                                                                                                                                                                                                                                          MD5:795AC43AD12F42E91ABB8202E7329906
                                                                                                                                                                                                                                                                          SHA1:BA1DFD1984934225BA67ADEF502B8C97B57F861A
                                                                                                                                                                                                                                                                          SHA-256:BC492ECD86CD39977BE4EBF1BEF65EDE8B528767B56E2FBE8363973B245F3C1B
                                                                                                                                                                                                                                                                          SHA-512:5C91E7FA390C5CE24282182DC1AEA899EEA062D73355A0941FEC0980BA1D23FCE8B74D9362B4618928569CA594E3B69C758947B5F7045303A6AF9665298767E7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 225x86, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2450
                                                                                                                                                                                                                                                                          Entropy (8bit):6.6042473155763295
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:STK1hyWwjx82lY2T3rVUKTFzCCTlyJ3VETAeTKGKRbi6yelO1YQVVVVVVVVVVVVn:NpNn2feKpRIJ3mHGV94elOS3tZXn0
                                                                                                                                                                                                                                                                          MD5:AB0D4A39E016E9808197C0C5FFAF9B96
                                                                                                                                                                                                                                                                          SHA1:94F2E56031AB85F6D4AA5276203A49B878F9BCDC
                                                                                                                                                                                                                                                                          SHA-256:F70DF2D18B25799FBD40588B4FCD20BAD4898D35C8A83CAA0004372519BF590E
                                                                                                                                                                                                                                                                          SHA-512:32D7B52252F8F172DC47762872408AB67B4B86048D972E9F7B93672A001B17E9BC935DA692E6F517DF6DE34854E15A5F0FE559C2635370CAD3DB9CB92E3D593D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x86, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1197
                                                                                                                                                                                                                                                                          Entropy (8bit):5.822154442162251
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:STK1hyWwjx82lY2T3rVdFtlyJ3VCAzKGKxtA5D+3:NpNn2fAJ32VCK3
                                                                                                                                                                                                                                                                          MD5:AEF4F0E6AFF233517107739B1E9D0FA2
                                                                                                                                                                                                                                                                          SHA1:73B989EEDC37651874BB04EDFAA862DAEB810758
                                                                                                                                                                                                                                                                          SHA-256:0879DF0C6960F2D0685B480F63F872B3EC902B8A9C1D7220F82BE9C7DD059C9B
                                                                                                                                                                                                                                                                          SHA-512:BB7722072503EAC9189376FC89D09AC9B2E280B22274DD4152D27F94D8F6B9868F68BEFF15EE8936345148D7083700BF4EB8A2DB5AFB5ABF0ED545F893511094
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 10x182, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):796
                                                                                                                                                                                                                                                                          Entropy (8bit):6.704086101587927
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:2P+Ec2bF5nYTkH6QLxaGVRg7ew+aoXy5mddm1+Cqxt6SQYuRKacYp/kaVRX:WjJdYTkaMVRg7P+a/5m61axBvaVR
                                                                                                                                                                                                                                                                          MD5:950BD7A5389B76FC20249D5DA16D18DE
                                                                                                                                                                                                                                                                          SHA1:2368AB70ACAD0E32FB08D4B9A45ADC230088E255
                                                                                                                                                                                                                                                                          SHA-256:FFF12E8AA6A80A4E05F219752B99842950F77A56C801BDE9D2D07E1432CCC350
                                                                                                                                                                                                                                                                          SHA-512:952EE33FA883E4F98C41E4605617BBA33A8BCD36F6B28862152B62B196A4B8182EC9F42388AB16A261FED8C55C27E61E6B151454480F58330B4FE21EDB918CB5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x65, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):388
                                                                                                                                                                                                                                                                          Entropy (8bit):4.298614456440593
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:mjPltla6QzDkmB9mMabH0tEetfitHJlJUXE6bvWJimH:2P0DkzRUBtfitVUXE8vMiM
                                                                                                                                                                                                                                                                          MD5:728838B59B34B11FFB04F0A696826DCE
                                                                                                                                                                                                                                                                          SHA1:95EBEF0CFEA4429E5708D2DF2AADFAAB14E857EB
                                                                                                                                                                                                                                                                          SHA-256:ABECC99F18DF9E07BE988F9F425F373035AED82E56B24B2F03EFF001A2C252F9
                                                                                                                                                                                                                                                                          SHA-512:C3F3B187D4028ADF1EBFE5AEF6C7EA5DBA3DC9BEA4C5E217FDA75B45B1757A6CC4D0D108E32C926BDB9967C708675922A74107444CB8AEF2EF3E607AD0665627
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 30x28, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):743
                                                                                                                                                                                                                                                                          Entropy (8bit):6.452435647096856
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:2P0DkfFwa7/82GeSw4fiEF8rTjCraf715Rqoy2bX:TmFLRXxXI8rT0qRqoy2bX
                                                                                                                                                                                                                                                                          MD5:1B751C767E1793DE0A794DC4380C3389
                                                                                                                                                                                                                                                                          SHA1:CAAE6F48A89BA8AC7BF27F8EB85C2F6867BF5A47
                                                                                                                                                                                                                                                                          SHA-256:A1E382749D8541A547CCD3B7D2245925A3EDF668B80A58833B72DC2752A09C3A
                                                                                                                                                                                                                                                                          SHA-512:150F8399223EAC175FF79F40B63AF46B383ECDC610EC39E4473FBC093C53E8E6ABEB1CF77577D0B632E43D6F50FE32A69FE68F530426E1094375198B1492EED1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (32038)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):95992
                                                                                                                                                                                                                                                                          Entropy (8bit):5.391333957965341
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:OP10iSi65U/dXXeyhzeBuG+HYE0WEeLDFoNqLTW8+S5VRZIVI6xSb8xh2ZbQnRmm:R+41ZqLTW8xRrqSb8qGH77da98Hr3
                                                                                                                                                                                                                                                                          MD5:F03E5A3BF534F4A738BC350631FD05BD
                                                                                                                                                                                                                                                                          SHA1:37B1DB88B57438F1072A8EBC7559C909C9D3A682
                                                                                                                                                                                                                                                                          SHA-256:AEC3D419D50F05781A96F223E18289AEB52598B5DB39BE82A7B71DC67D6A7947
                                                                                                                                                                                                                                                                          SHA-512:8EEEAEFB86CF5F9D09426814F7B60E1805E644CAC3F5AB382C4D393DD0B7AB272C1909A31A57E6D38D5ACF207555F097A64A6DD62F60A97093E97BB184126D2A
                                                                                                                                                                                                                                                                          Malicious:false
Preview:/*! jQuery v1.11.3 | (c) 2005, 2015 jQuery Foundation, Inc. | jquery.org/license */
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):71
                                                                                                                                                                                                                                                                          Entropy (8bit):4.724487268801714
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:CslVHxl7/lXlZh3uE1C1bn:NlXlh1Q
                                                                                                                                                                                                                                                                          MD5:C1C6B9A2DE0F4D29A5895091D7EA3ACC
                                                                                                                                                                                                                                                                          SHA1:2DC3D63EDDBB032B124BA73DF02AFD34D3DF2698
                                                                                                                                                                                                                                                                          SHA-256:2A2C71D2FC12C1FF712FE23C46B3110F5C0C63ECC10DC689E1EFDF6332E2E06D
                                                                                                                                                                                                                                                                          SHA-512:956537BE2C60F95AE35F760CA76A97D6A71EC8E3EB5DB5D435B7386B961840A2D6A224ED662070E8B3760CE97C113D3E4EFCB2182886627598C4084548783EB2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 170 x 59
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1591
                                                                                                                                                                                                                                                                          Entropy (8bit):7.56120281147269
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:bsR0ml5xEac9A4temQvlPzBwS/cqWdDERf4cbZAaovpn1A70rtwjs1:bEl5xEac5exl3vuIfJbZAfvJ1AwKju
                                                                                                                                                                                                                                                                          MD5:14A9661DD7FB5C2871E1CA65EA7ED270
                                                                                                                                                                                                                                                                          SHA1:E92FC71EED4B59A6659FB35624F0CD7E627003E9
                                                                                                                                                                                                                                                                          SHA-256:604ADC5BCD9A6C5619C991D2F71C2AE8D190AA07EAE40A25D4D65DF6C45BDE59
                                                                                                                                                                                                                                                                          SHA-512:BEAFB1991FFB35FF5D9C5BD62CAAB67B97F99463E528CA4A3E62227B9F0BF2B2207E5AE01E02702DA1D39F769D47E7B10B517F730ED21B6C3588C56DF944ABBC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 259 x 51, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):5464
                                                                                                                                                                                                                                                                          Entropy (8bit):7.872916174358433
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:jo7F52dNzHnE+x7EHs/LEGfbQ3iYbwsNlB8qjz8nE2VSctNPm82L/cfy58Q1O6E9:E7Fszkg7XwGc3Bbw0lB8qjwSmBmNU/n9
                                                                                                                                                                                                                                                                          MD5:5EFD00B3A8AAA940460E7452EF7FF359
                                                                                                                                                                                                                                                                          SHA1:AF8DBE117274A5833614E1786BD54F4228A96AED
                                                                                                                                                                                                                                                                          SHA-256:2C75A132F786CB29B53A5AFC72579D254F62DF5B714EF000935F3A5D409278DF
                                                                                                                                                                                                                                                                          SHA-512:827449E4047CE54BF3DB84C2797734AD246B89A9B4327E38F9D0ADD403D8BDFA3C44220C305B32E8EAF3D520006D3E94D0727AC98A8F0B515E13315EB67703F9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 19 x 19
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1467
                                                                                                                                                                                                                                                                          Entropy (8bit):7.137519210371142
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:iODlXjal1he91Wwjx82lY2T3ouVA/f7AO2yJ3V4Dm6MGY88g/jX+:jDl0qQNn2xiZtJ3U2L88mb+
                                                                                                                                                                                                                                                                          MD5:1CB6A22A886F722B38108E007C63685A
                                                                                                                                                                                                                                                                          SHA1:B0AD8CC02B97979B3662ACE517234B2362EAFD16
                                                                                                                                                                                                                                                                          SHA-256:98DA589DD362D8102EB52471F326A83192F8614CD433EF1397375F1271BAF158
                                                                                                                                                                                                                                                                          SHA-512:ABBB1E2127778B42545E8EBC4758FC861FE14DA1CFE93A49BFEFD26C36660D076176C4BB798813EF97690102CFDF29EBFEEBD149F538CC933ECFADFFD3668DEB
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 35x35, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1322
                                                                                                                                                                                                                                                                          Entropy (8bit):7.3415010568616585
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TivxAzDAhypG5iPSElHAMNrMq/xtOHcoFDOLkndeDi4g84hsuCCG/Qr1m4:TiqHJlSyBN4q/xiLFSLkki4yC/r4
                                                                                                                                                                                                                                                                          MD5:2257E5262EC0096A172E5C895BCE36D0
                                                                                                                                                                                                                                                                          SHA1:31848C90D82D13D711AEDEFFC503942BC3B694AF
                                                                                                                                                                                                                                                                          SHA-256:AA7249002258A66B461506760710BFCCDB976871CF05F08FB00D2E7F9BAAF3B4
                                                                                                                                                                                                                                                                          SHA-512:F213805B0F14E8EE077967149C0817C3E788BEB899B3FB18407F9794A2F050AD2794AE831D2A32A44B2121E6047FD506C97476FFD41FAAB5BBADAE111554A813
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 35x35, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2719
                                                                                                                                                                                                                                                                          Entropy (8bit):7.710115400650536
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:Ti4UHClcGxJyXNij4wxBZ/0/U0PoZ+/FhiAoWhfp8t07vyHlNySbiaJpE1paLN7n:TwHClcKUX8hd/0sSHdhzoQxOL8aJICNz
                                                                                                                                                                                                                                                                          MD5:F6CB2568B2A04A2EE14456C5AD3C3E3D
                                                                                                                                                                                                                                                                          SHA1:D8F3F49ACC7411D4B09F2A5D8D3E0D877B09FF18
                                                                                                                                                                                                                                                                          SHA-256:523669DE924BB139AFB42913AB2838FE1C822B47A0FF68490A622CE7D7AD3422
                                                                                                                                                                                                                                                                          SHA-512:6494C748D2E1C30ED87EE2006454C3844FE39455712A5684AAEF8243AFDE24C0F7A3CA23D5A06F6666535EFBC6CAEF3BF39AAEE79BE2DDE3153E64ED83E5F388
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 729 x 16
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):19917
                                                                                                                                                                                                                                                                          Entropy (8bit):7.950437553512758
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=18, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1], baseline, precision 8, 1x18, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):7714
                                                                                                                                                                                                                                                                          Entropy (8bit):5.141118214705623
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=18, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1], baseline, precision 8, 1x18, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):7723
                                                                                                                                                                                                                                                                          Entropy (8bit):5.144139807151048
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=18, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1], baseline, precision 8, 1x18, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):7723
                                                                                                                                                                                                                                                                          Entropy (8bit):5.144139807151048
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x7, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):333
                                                                                                                                                                                                                                                                          Entropy (8bit):3.4995756401589917
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=20, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=2], progressive, precision 8, 1x20, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):7574
                                                                                                                                                                                                                                                                          Entropy (8bit):4.934310750730212
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 9 x 9
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):166
                                                                                                                                                                                                                                                                          Entropy (8bit):4.790400224338581
                                                                                                                                                                                                                                                                          Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
File Type:GIF image data, version 89a, 1 x 9
Category:dropped
Size (bytes):51
Entropy (8bit):3.7126540301661213
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
File Type:GIF image data, version 89a, 1 x 17
Category:dropped
Size (bytes):51
Entropy (8bit):3.7666714321693266
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
File Type:GIF image data, version 89a, 9 x 17
Category:dropped
Size (bytes):181
Entropy (8bit):5.3750238557849395
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
File Type:GIF image data, version 89a, 1 x 97
Category:dropped
Size (bytes):72
Entropy (8bit):4.077900977034687
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
File Type:GIF image data, version 89a, 16 x 16
Category:dropped
Size (bytes):205
Entropy (8bit):5.632941182166494
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
File Type:GIF image data, version 89a, 14 x 14
Category:dropped
Size (bytes):297
Entropy (8bit):5.7724875721154145
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 35x35, components 3
Category:dropped
Size (bytes):2251
Entropy (8bit):7.327076582075784
Encrypted:false
Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 8 x 8, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):204
                                                                                                                                                                                                                                                                          Entropy (8bit):6.359267936463995
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 1 x 8, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):119
                                                                                                                                                                                                                                                                          Entropy (8bit):5.214391647969328
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=56, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=79], baseline, precision 8, 79x56, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):10125
                                                                                                                                                                                                                                                                          Entropy (8bit):5.991493293351534
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x23, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):340
                                                                                                                                                                                                                                                                          Entropy (8bit):3.595746791252085
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 13x23, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):535
                                                                                                                                                                                                                                                                          Entropy (8bit):5.579839796296451
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 13x13, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):558
                                                                                                                                                                                                                                                                          Entropy (8bit):5.699463545646349
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 13x13, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):559
                                                                                                                                                                                                                                                                          Entropy (8bit):5.677863160118538
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:2P0DkTRpWbgxtQP8HYGYmNGvO6Q7TDrJL8q:TmabP8HYPT26Q7Teq
                                                                                                                                                                                                                                                                          MD5:AD7D101CF1B37B64595E93918DC94BD6
                                                                                                                                                                                                                                                                          SHA1:D6BFCD264766B6C062185D430ECEF90A6E56F191
                                                                                                                                                                                                                                                                          SHA-256:E4B4BBFCED85C9B732550E1E62342B079DF9325628775331B6279EAA85B74117
                                                                                                                                                                                                                                                                          SHA-512:C771E9F0E9FB7692FEAD6FF4628804FC87674DB4A1CA226B94D97EC1E43154A31BADA536CF7D31A0B5E29CF2E240AF0FC0D6F79BC50599C8D8F8979C9AE0065B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 12x36, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1792
                                                                                                                                                                                                                                                                          Entropy (8bit):6.932406376464992
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:STK1hyWwjx82lY2T3CVwqyJ3VyybPzpGKezn6vXPOLhtt9kbnM4BzN0iVXQFP5zW:NpNn2WUJ3Iy/pVxPutkVd2H2
                                                                                                                                                                                                                                                                          MD5:914F8D5AE7CC4B1D00B9B565C0F22FFD
                                                                                                                                                                                                                                                                          SHA1:C3C4186F093109FA899359D4EDBDCFE1C4074810
                                                                                                                                                                                                                                                                          SHA-256:EEF12AB11FD10759BF46030086239B784C260496C596F734F87C1FD8996843BD
                                                                                                                                                                                                                                                                          SHA-512:8646DF8950C251A835208ABDA6542CA8D31FAD31891ABB7A73297C594042E9D8089A18939D21D213B1A0DBA56F65994EE0B08756CBD398ACA660F041653A770B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x36, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1294
                                                                                                                                                                                                                                                                          Entropy (8bit):6.138187556948426
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:STK1hyWwjx82lY2T3CV8eyJ3VzFGKeipldqW0xYzYMfX:NpNn2W8J3bVxzqOkMP
                                                                                                                                                                                                                                                                          MD5:CF35F0372F8C440F12D831F877951DA5
                                                                                                                                                                                                                                                                          SHA1:BA7EE4CDE13EC48A2EB9F9454DE76386DE56C045
                                                                                                                                                                                                                                                                          SHA-256:71D8A2CF754749E328F75F800704B90BD9B3242A53010DC0F1E30D2029D72274
                                                                                                                                                                                                                                                                          SHA-512:74C575F2A17A98AE7BB0CE3109561C0F73B0C79F2AF230C9111FB02B883F5685AD048001E539C7256A2BEB3D1E8D2300FA0B9C07C952591ACF99675180352228
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 31x35, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1847
                                                                                                                                                                                                                                                                          Entropy (8bit):7.555047957715662
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:Ttdj6OzN/Nn4WDClHLMwLBIwY/QWVDl5xhs:Ttk0/l42mrMuaq+5rs
                                                                                                                                                                                                                                                                          MD5:D2DB515B008AA866781FBCF0C15BFF6E
                                                                                                                                                                                                                                                                          SHA1:2A1DCBFFDA0E0DB5D5E996E19927A27ED8BEAC9B
                                                                                                                                                                                                                                                                          SHA-256:BD80ED96FF20A0854B4AE31C1CA48281D5A189657BB5FB42505C29FF00BACFFC
                                                                                                                                                                                                                                                                          SHA-512:576FC6E026DB8CC8BE6AC78F834425A9AE364A9B87BC23AEC8D5893FBB617F72F5BB1BAF8D3CCAE6F394280A6E867D61B3E2E5D378E6932C2336CBE2A80AFEA9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 33x36, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1712
                                                                                                                                                                                                                                                                          Entropy (8bit):6.834953459007878
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:FK1he91Wwjx82lY2T3ouVzV/g8yJ3VNwtaGKeCsGDynlKNwiPGC/+In9JzGpwV44:SqQNn2xlNgvJ3L2aVkGenswibn9JUj4
                                                                                                                                                                                                                                                                          MD5:2B8022BCE35465FFEF2C4623A6E738F2
                                                                                                                                                                                                                                                                          SHA1:55B6D029673126975D8EC7F994403CA7FFA58010
                                                                                                                                                                                                                                                                          SHA-256:CD55040B8EE783DF6126E9CF75450BB4C32011EF2FEED664BBA2E6C49DE1EFFB
                                                                                                                                                                                                                                                                          SHA-512:2C542BC8E257A8CD5452407240A7DF58690A01634721AE0CD5EE029C58AE9C4E370DBA2AF20E9E2F53A75F37101ABBCD44069AF8BD4FB88A6A5253F51EA8F02E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 14 x 14
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1350
                                                                                                                                                                                                                                                                          Entropy (8bit):6.807192843323789
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TPo3GUKal1hI+Wwjx82lY2T3BkVbiYfg2yJ3VXZkB+GY8Tt/:jo3jWHNn2qctJ3jL8x
                                                                                                                                                                                                                                                                          MD5:6881E9E1659E3CF0797FA437A60883F6
                                                                                                                                                                                                                                                                          SHA1:EEF5F175266F0A33EC3509774881F92150742A2B
                                                                                                                                                                                                                                                                          SHA-256:3ADA137D5341F3DC4D309A43D301A7339E12C05FE71800E1B516906E65DFAE51
                                                                                                                                                                                                                                                                          SHA-512:C502397FD445A89DA903201B2C583648199DCB4EBF8A31EA360504E4AE2E3E8967D81D1A8DC8C29C1FD245A82C747B8FA367FC52C0B6314C2A0F7741D319D379
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 15x23, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):673
                                                                                                                                                                                                                                                                          Entropy (8bit):6.269269682589161
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:2P0Dk7s2yDw1Q0dKKQQR8B+i3bEaQVI9lGNNcSDwjLINcBr:TesdDwG0dKKQQR8Bd3AaQO9lGP+M2r
                                                                                                                                                                                                                                                                          MD5:D7DE4956611D9395D9B1999918EB22AD
                                                                                                                                                                                                                                                                          SHA1:E919B78FC6142C2D23B2A619AAB0FC5456B9D208
                                                                                                                                                                                                                                                                          SHA-256:5C423D160252AAF9D3217DE2FD1F6A948827DA47984295A5D5266B784B88A967
                                                                                                                                                                                                                                                                          SHA-512:2661610DEE70F5789229225B536228D68B8B99ED5AF892B7CAABB392239F1C5F666553E815FC4487F411663826DBCCE4C3E9E4DC73CBA924D2DFD9B7B6E3FC78
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (955), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):16135
                                                                                                                                                                                                                                                                          Entropy (8bit):4.960302294954913
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:/wJNe/RuXrv5e4oF3DQ16rO7JnBSYZgZYLIpBsnGJM6iYlv4ix:4JNwRCNeP8iQJnTR47JziYB4ix
                                                                                                                                                                                                                                                                          MD5:491AB820B2CAC3288178E3ECBFD7886A
                                                                                                                                                                                                                                                                          SHA1:12DAEF962048C8758AB00604A3A9AEB081289B0D
                                                                                                                                                                                                                                                                          SHA-256:2C8E8AE975EC28C8062CB334470C2FF9DEDCE95E817B05055AE7320AA4C4C89A
                                                                                                                                                                                                                                                                          SHA-512:A6CD0282309BF0C104AE07A60993E36921D4F217C3258BA1863AF46BC58B538BD2EBA554241AB090DBE58343A9282E6EE7C499E5842E76E5C925C12C166AB5C7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:<!DOCTYPE HTML>..<html lang="en">..<head>.. <meta charset="utf-8">..<meta http-equiv="X-UA-Compatible" content="IE=edge">..<meta name="viewport" content="width=device-width, initial-scale=1">..<title>Thankyou for Installing Right Backup!</title>..<meta name="description" content="Right Backup is a cloud backup service that enables you to backup photos, videos and other important docs to the cloud, accessible from anywhere, anytime." />..<link rel="shortcut icon" type="image/x-icon" href="https://cdn.systweak.com/website/rightbackup/images/favicon.ico">..<link rel="stylesheet" type="text/css" href="/css/after/typography.css">..<link rel="stylesheet" type="text/css" href="/css/afterpages.css">..<link rel="stylesheet" type="text/css" href="/css/modal.css">.. [if lt IE 9]> ..<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script> ..<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min1.js"></script>..<![endif]-->..<script src="https://ajax.googleapis.com
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (704), with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):704
                                                                                                                                                                                                                                                                          Entropy (8bit):5.061757634770495
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:w6adJPr2NZg71qHEx3m/qHExNfHedi42LFdL1UVCq0MnH/7HMjGdh/wqHExJ:Taz2AMHExDHExq4FdL1a0QjMCdRnHExJ
                                                                                                                                                                                                                                                                          MD5:09713E31585FE53E5A2957498E1900C6
                                                                                                                                                                                                                                                                          SHA1:823441144B0EA20C5878D8AA2C215828985E2121
                                                                                                                                                                                                                                                                          SHA-256:D233F07CFC62C5D301DE6B6EDF46AF796699FD01B4D638581935758E8B9D5CC3
                                                                                                                                                                                                                                                                          SHA-512:D181B38CBD9B6B95DCB107A509B60D495B7D0E5103E6248782B3897765DBEC0FC619FF8830CB55FC8B017252144DF426A9C65BBF8DD8BB0BF53FF76014241889
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:Moved Permanently. Redirecting to http://www.rightbackup.com/afterinstall.aspx/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 110 x 102, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):7343
                                                                                                                                                                                                                                                                          Entropy (8bit):7.962783710503939
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:DPkB7J1HBjMp9pHqFb0PJRMQtGk4sT0ie:Dsr8Xy0hRXGk7e
                                                                                                                                                                                                                                                                          MD5:C3C658440467203AE6628DAAF77E63DB
                                                                                                                                                                                                                                                                          SHA1:8EB4FA589A241C4B47D6FBB4E6EFB65D7B324109
                                                                                                                                                                                                                                                                          SHA-256:9CBB49FF31F17E1D32D41AF2E6160451FECE5A41F64C3E1E36654855F53436C7
                                                                                                                                                                                                                                                                          SHA-512:B236CA3655891B524298F1A414066C90FCB397975DA2F81B3268D6DB8B74C4619414C4BAA603E2D9EDDEECBE7DC901620F71EED599DD07A7242D26C7FC9E43C1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 34 x 34
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1373
                                                                                                                                                                                                                                                                          Entropy (8bit):6.907640092018207
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:8oBaaetJlB0sblMiYmUAA2+VpdD0xdGRyOQZSR9yFysTHOed:mnlB0wlMimdITw7+Q96ysTu8
                                                                                                                                                                                                                                                                          MD5:4779147333E0FC7C4E4E1246992CBB96
                                                                                                                                                                                                                                                                          SHA1:3B63BE5EC722349046085669102AAADE4BCC7123
                                                                                                                                                                                                                                                                          SHA-256:CFB8A9903AEDF94DC169FD7168DB8035BBE333C37406DCF3E4C0F12F4E7EACCA
                                                                                                                                                                                                                                                                          SHA-512:7EFE9E8DE74DA3B6897BAF1A803955095F40BDEECD86435C328AC79BA2F74B1C2FB5869376AEAB4A72E392DBA643DEE154412669FDD24AFF75719ACC6008B224
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (2343)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):52916
                                                                                                                                                                                                                                                                          Entropy (8bit):5.51283890397623
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:oHzaMKHBCwsZtisP5XqYofL+qviHOlTjdNoVJDe6VyKaqgYUD0ZTTE8yVfZsk:caMKH125hYiM8O9dNoVJ3N48yVL
                                                                                                                                                                                                                                                                          MD5:575B5480531DA4D14E7453E2016FE0BC
                                                                                                                                                                                                                                                                          SHA1:E5C5F3134FE29E60B591C87EA85951F0AEA36EE1
                                                                                                                                                                                                                                                                          SHA-256:DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
                                                                                                                                                                                                                                                                          SHA-512:174E48F4FB2A7E7A0BE1E16564F9ED2D0BBCC8B4AF18CB89AD49CF42B1C3894C8F8E29CE673BC5D9BC8552F88D1D47294EE0E216402566A3F446F04ACA24857A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var n=this||self,p=function(a,b){a=a.split(".");var c=n;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};function q(){for(var a=r,b={},c=0;c<a.length;++c)b[a[c]]=c;return b}function u(){var a="ABCDEFGHIJKLMNOPQRSTUVWXYZ";a+=a.toLowerCase()+"0123456789-_";return a+"."}var r,v;.function aa(a){function b(k){for(;d<a.length;){var m=a.charAt(d++),l=v[m];if(null!=l)return l;if(!/^[\s\xa0]*$/.test(m))throw Error("Unknown base64 encoding at char: "+m);}return k}r=r||u();v=v||q();for(var c="",d=0;;){var e=b(-1),f=b(0),h=b(64),g=b(64);if(64===g&&-1===e)return c;c+=String.fromCharCode(e<<2|f>>4);64!=h&&(c+=String.fromCharCode(f<<4&240|h>>2),64!=g&&(c+=String.fromCharCode(h<<6&192|g)))}};var w={},y=function(a){w.TAGGING=w.TAGGING||[];w.TAGGING[a]=!0};var ba=Array.isArray,c
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 210 x 84
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3595
                                                                                                                                                                                                                                                                          Entropy (8bit):7.654710595609767
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:lIW10z2uLcnv7e99EGef3ucqHg0ctSkgrXO5bUwbPk:W5SnnC99EGefsHvcisbUuPk
                                                                                                                                                                                                                                                                          MD5:AE8BE9E73C91224A70D9E1A117B2A88A
                                                                                                                                                                                                                                                                          SHA1:4D2CA2B08A78B4783DC158B5BAE6EF3EE22E76A0
                                                                                                                                                                                                                                                                          SHA-256:65A58C423B3F9EFEEA1FC5C14240A4B42050E362B882B30B113C43D8AB1C27B7
                                                                                                                                                                                                                                                                          SHA-512:BC18C6FB6A5957D0775F154FF368E374C1637E39CC113EDF7D92F77F335D21AEE4AF42E8D61F53BF985C4925A0ADC2A9FEB346CE0EA249AA76A9D8ECE809AC52
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (46429), with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):46430
                                                                                                                                                                                                                                                                          Entropy (8bit):5.303853365298302
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:OaOFhhR5OIahpjfRys3LzQR04TYYyDMOWPKQ:OaOFnRqDRtzQ64IfWiQ
                                                                                                                                                                                                                                                                          MD5:72BCA04FD669EB89FC65D59052D0FC00
                                                                                                                                                                                                                                                                          SHA1:27E60AEF86F0CB1B2F6B6ED9DF9A4E3BA88EFD21
                                                                                                                                                                                                                                                                          SHA-256:823804A7807864B44093A3843788F4CD076E89CF4A6FDEB8D153AE5C2C2DF721
                                                                                                                                                                                                                                                                          SHA-512:56058E4C927563CA37DEC4979AF28A415EA3042A389C0BA22738C76D39131317A703A38A95EAB9D913F116F7C2D1DA62A0A87750F47DECA2DDB3447D64303B12
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 246x43, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3253
                                                                                                                                                                                                                                                                          Entropy (8bit):7.491195740243795
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:mqWHvn3ydvJ3UnxnmO1FRxHKRxHKRxHKh71Mj/VEJJJJJJGMbqL:mPPCdwhmOFxHWxHWxHE71MjaJJJJJnE
                                                                                                                                                                                                                                                                          MD5:94AD9C8F95F04D81B89F78193659A074
                                                                                                                                                                                                                                                                          SHA1:E78FBFEA3C31FF0A52F8E88F0BC4AFD75C2EE2D7
                                                                                                                                                                                                                                                                          SHA-256:C444A5EDBB6B7FDCFB1B768DC1355F040B02A4F52456019DC0169E730B1467A6
                                                                                                                                                                                                                                                                          SHA-512:831E6ADB4ECBF3EEFBEEEC661B4B84E5A032A112B1F5F884DAFCE91B6C5807C994A26D95673D54E6C4C7FF26F35FF08891B3FA94BB22A23DFB24499569D4C764
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 15x53, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1424
                                                                                                                                                                                                                                                                          Entropy (8bit):6.603316933214945
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:mtK1hI+Wwh82lYSgHeqVqT3J8yJ3VriYPgUGsvE/vWyHxvNGa3Dlxw2D7CCoFXNF:mqWHvnneqYdvJ30YoUEneQLw+79Y8Szj
                                                                                                                                                                                                                                                                          MD5:5B100A880C7AA600A1159CD0FEFD92EC
                                                                                                                                                                                                                                                                          SHA1:7F520271020AC4F263B82580E8DEBD25A2BBAE74
                                                                                                                                                                                                                                                                          SHA-256:3834A6CEE16D2CD1A85E4918C076EC4FD5BA72F65E269D250407A54A1336CD9F
                                                                                                                                                                                                                                                                          SHA-512:C17E647A361E76C2D5B44B095EC08E95442862128E76EF4F3F749DAF7D946DA2E821C2696658A9AD92620CABA9CA634945F4BABED5950EB4A3230079AEF28092
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x53, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1223
                                                                                                                                                                                                                                                                          Entropy (8bit):6.120551639127836
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:/tK1hI+Wwjx82lY2T3BkVCz2zaQ292yJ3VR2MMa2pGsO9kFBkdByw:/qWHNn2qqWIJ3D5GxkdUw
                                                                                                                                                                                                                                                                          MD5:0FBA1D5D5DB1351D633F74BA9C9A6D7B
                                                                                                                                                                                                                                                                          SHA1:717F462891D9846B49A60F3A7C63DE8EE1902583
                                                                                                                                                                                                                                                                          SHA-256:0B0E507BA8761F37564B3407367F4433AA90EA5793EE976F4A9AF447824010AB
                                                                                                                                                                                                                                                                          SHA-512:64053A04096865DA73342848B933A86D1DA40920261D1EB00DC726EF9EB067613BDB88198424FBF32F400968F71139BA17734D369F07EE2133317CF24D63BD1D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x53, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1228
                                                                                                                                                                                                                                                                          Entropy (8bit):6.137083134740419
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:/tK1hI+Wwjx82lY2T3BkVSc9gc9yJ3VsczMB4cyGsO4sOZd/5I:/qWHNn2qiJ31Nbd/5I
                                                                                                                                                                                                                                                                          MD5:444ADCCE83FED8BEEDA5C2C8FAF46A9E
                                                                                                                                                                                                                                                                          SHA1:7509312BCB2E109B64DCAA25C2133DBB09A101A4
                                                                                                                                                                                                                                                                          SHA-256:27C5BC82673CBF72602439E810E5BED93BFBF5042043FB4C3496DC505920B1CF
                                                                                                                                                                                                                                                                          SHA-512:295664C404228E963D739CF2202865F16FD0E571F7AF395B3A459A640AB2787A49A5D9067C38E45158F4EB74568C7DAD140D680CA085554329F74615348E2D0B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 15x53, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1552
                                                                                                                                                                                                                                                                          Entropy (8bit):6.806714152273551
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:/tK1hI+Wwjx82lY2T3BkVFBdyJ3VUxEGsvEqjsCkAuNizyZWbkff:/qWHNn2qKJ36EI6uszwvX
                                                                                                                                                                                                                                                                          MD5:E66DE163B9173ACCA30F4B8993F83CC6
                                                                                                                                                                                                                                                                          SHA1:843D72C1FA6828B85138C37AFD8838267D30C23B
                                                                                                                                                                                                                                                                          SHA-256:262170F2F28304F3AD63E40290D84A70581393337965307569359BBE6E6FF1F7
                                                                                                                                                                                                                                                                          SHA-512:E384B7FF91F43979F956378186BC7B62474CFE43D3D650B7E3F24D0FADE64AF1A1EB5341289927566E231BB6DF82D422B7F5E346A9128EE384F50A35E2F45476
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 15x53, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1579
                                                                                                                                                                                                                                                                          Entropy (8bit):6.860906265073917
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:/tK1hI+Wwjx82lY2T3BkV+a/LyJ3VNiGsvEZlE90/y6Bgviy1puqxakWDdOe:/qWHNn2qgwGJ3if90ZWveqsEe
                                                                                                                                                                                                                                                                          MD5:50B447651E21194F04CB8264759E3AC3
                                                                                                                                                                                                                                                                          SHA1:3304817EDC739ED5EACF3EA2D53A9D0109E3D8F6
                                                                                                                                                                                                                                                                          SHA-256:F27F700812A7FF68B447DD8AA9A2E86450FCC00EF453C92B261641A3DE1780BD
                                                                                                                                                                                                                                                                          SHA-512:138B1676A5B0C1C855B7E7EEF0D89467AE7A839B3773DB4F1A5EB7EF7FFF5BE2CD2164B84F418E285530BAC2C1F98A2A93A79C954D603B920EE86B44B1116FF3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 19 x 19
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):5359
                                                                                                                                                                                                                                                                          Entropy (8bit):6.954903601507637
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:h80GbU/kgsWrO5blAu8zx3P0BviGTZVDZ60lhtePyAxlb0wuXeraVWorwL/nxP+v:rygj6P7FT/LhtePyAxlb0wTrroUnQv
                                                                                                                                                                                                                                                                          MD5:A93744DEA3EEBA9C355D0817FFF0A575
                                                                                                                                                                                                                                                                          SHA1:26A9BC595D2373C3B124D836E47A328FEA59486A
                                                                                                                                                                                                                                                                          SHA-256:7FAE0F50E85C766E40D22B8C8A851599D2A41B9E9F4E01A180ADE2850E0F038F
                                                                                                                                                                                                                                                                          SHA-512:B4F56C80F84099349745A9F4AC983EB9F85C4F30435AD20D5C2B919BDBB9B136830B6A66AEAFA9E0638806648ECD72EF605FE0903466C4D338CF9C088698E69D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 30x10, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):689
                                                                                                                                                                                                                                                                          Entropy (8bit):6.258485082542405
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:2P0DkPOSgtKTUqooYjo4tOSDsSL8CwtBy98g9OmKNP8:TSB/TUbdrDsCIBu9Ojy
                                                                                                                                                                                                                                                                          MD5:29FDBE008F2A25179B46403D98EB8C2C
                                                                                                                                                                                                                                                                          SHA1:6D89EAAB48B8DB1F3DEEF67F8852F7EC0BDB8696
                                                                                                                                                                                                                                                                          SHA-256:98E572F2F62881F265692BD8C82CD89989C0FC94237FE267DDB494C9A595EB8A
                                                                                                                                                                                                                                                                          SHA-512:D0C780F44778CEA4A74EF9F6F9DFF591A89B42C75B2272D8053C106D5A685E586492A12E7244E0DEA0298D9FBB6C52C11420923147CF61B746E93FCED260ACC5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 155 x 163
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):16530
                                                                                                                                                                                                                                                                          Entropy (8bit):7.870183378868981
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:ClEEL2EKcOR9E1/urzY+oHbAatXHTjVcuEzK3qEYQH:Cl5L1aRi1d0at2uk6jF
                                                                                                                                                                                                                                                                          MD5:6B3A6E5DD0C530290C403E800EB833C1
                                                                                                                                                                                                                                                                          SHA1:8C0A730FC54D9BC12630FF16793C98024BF00569
                                                                                                                                                                                                                                                                          SHA-256:59DD841BF7DE974C2BF18F37D533809568331324F8893185519CE339036BF81B
                                                                                                                                                                                                                                                                          SHA-512:4CD1D19B49E0FE9F56F3D1F19C6B38197DE13D09CDBD565ED9153D809CF784C94EC5A5662DCC1A65D36097309AFE3F81BE2CDAE54C33DADF142256A9D3F728D5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1257
                                                                                                                                                                                                                                                                          Entropy (8bit):6.278969681200931
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:3ci5lRgE7bgGoMmrAybO5czz0q9qo8dVsXikaEUIn:3zlmEovMmBX0qxcsikrL
                                                                                                                                                                                                                                                                          MD5:48592804263733DA9C469789BFEF6ACB
                                                                                                                                                                                                                                                                          SHA1:D30463A878E22151B5AC98FB5E63F0E6E2DDE30E
                                                                                                                                                                                                                                                                          SHA-256:5320A766D85B33790ED725D17D28671E110FD2B58B452379C0BF68F36BE7FB3F
                                                                                                                                                                                                                                                                          SHA-512:FE6FC0C2A4258C7ACC64E5304D89BA1DFDBEC6A5DF7BC016BB401EDE6B314C79727E7A9C25CA3E23D8F39AE5D9D585CD218605F7969F322837EA4594D61397D2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1257
                                                                                                                                                                                                                                                                          Entropy (8bit):6.278969681200931
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:3ci5lRgE7bgGoMmrAybO5czz0q9qo8dVsXikaEUIn:3zlmEovMmBX0qxcsikrL
                                                                                                                                                                                                                                                                          MD5:48592804263733DA9C469789BFEF6ACB
                                                                                                                                                                                                                                                                          SHA1:D30463A878E22151B5AC98FB5E63F0E6E2DDE30E
                                                                                                                                                                                                                                                                          SHA-256:5320A766D85B33790ED725D17D28671E110FD2B58B452379C0BF68F36BE7FB3F
                                                                                                                                                                                                                                                                          SHA-512:FE6FC0C2A4258C7ACC64E5304D89BA1DFDBEC6A5DF7BC016BB401EDE6B314C79727E7A9C25CA3E23D8F39AE5D9D585CD218605F7969F322837EA4594D61397D2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 79x56, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1563
                                                                                                                                                                                                                                                                          Entropy (8bit):6.597753710847991
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:uqQvnLpQ6yrnwNIJ3RkQYpuey1O1O1O1O1D6X:vQtQ6swNRQY7WqqqqD6X
                                                                                                                                                                                                                                                                          MD5:7CDC50320F3E7AB87B0FCDF879E36CDE
                                                                                                                                                                                                                                                                          SHA1:935F07B6B4140FAE920CA8488C43B9E8B138EE1C
                                                                                                                                                                                                                                                                          SHA-256:9EC58FA0BB63B9E9FBB36C7B86193880977FED8D7D0CF2ADCC833E45FFAD2C7D
                                                                                                                                                                                                                                                                          SHA-512:6CDC6791F027F656B8307771961A17EB9FE07271913695DD0F3F10DE02C4CA2906016868608895230E2B3DE315CDA8CC193B503BAAF86B13638E1E216C00A5BD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:......Exif..II*.................Ducky.......<....._http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="21B4D8C4F05946BE8A54111997DEB079" xmpMM:DocumentID="xmp.did:1E1A093FA2BA11E3B12FA7A68388786D" xmpMM:InstanceID="xmp.iid:1E1A093EA2BA11E3B12FA7A68388786D" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:35F44DEBC5BBE211ACEDE45AB4E6C8DB" stRef:documentID="21B4D8C4F05946BE8A54111997DEB079"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................................
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):12
                                                                                                                                                                                                                                                                          Entropy (8bit):2.4591479170272446
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:CrCn:CrC
                                                                                                                                                                                                                                                                          MD5:41C339CE61C14523871A3FC6B571A8DC
                                                                                                                                                                                                                                                                          SHA1:26A624BE09DB3B0690B2DC7F391D67B6DEAE0782
                                                                                                                                                                                                                                                                          SHA-256:0668B98A79A4FC7016B56130C0880C25380B96F2E678A6CADF4EDBABC80EC172
                                                                                                                                                                                                                                                                          SHA-512:C4D27CB80213C9EC4276F8B1787625A77B75D96281A5F97B38369853A266AA4F0D0B82F2ED6DF09716B2FD891C510182712A1CC3457E6CFC239F6A56F64BB17D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:81.181.57.52
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 136 x 135
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):10093
                                                                                                                                                                                                                                                                          Entropy (8bit):7.814952176854079
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:JCLB1d2Idn4VdtygI9AY4+6gTvKuqcpgCImj9ra5YX4Bac:JqBvtdnStyRX4+6q1fImj9rYYoBB
                                                                                                                                                                                                                                                                          MD5:7C53D144D160F40D6A8FAE21D5A73813
                                                                                                                                                                                                                                                                          SHA1:F1E372F624C9E5FF5D97F922767236B9B72888F0
                                                                                                                                                                                                                                                                          SHA-256:716AE891C070263B44D23D7D3D5C8D9341731AEBD5916020660F42E5DA7322D4
                                                                                                                                                                                                                                                                          SHA-512:27C22412EE0F82FECCADEDF9F9DCB4AB6EC0C7409A4C649180CF0497AE8527C8395BB200B3B68361A70536F5AF5BA541C1847A56EDE94525642A16ECA415D6A5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 1 x 40, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):120
                                                                                                                                                                                                                                                                          Entropy (8bit):5.411697445587176
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:yionv//thPlEXttbiffRthwkBDsTBZt/9VWT8c//jp:6v/lhPKkJnDsp/Do/jp
                                                                                                                                                                                                                                                                          MD5:4999C8F3B0DE1A4F1E77BCDDA9380247
                                                                                                                                                                                                                                                                          SHA1:F6E3E27EFB0E173A32F1C66C5DE7EE708C8ED888
                                                                                                                                                                                                                                                                          SHA-256:FD50E8DA5693E727BFE219D799DAFD6ABCC97455B3FE288952B69055DE3DAAF4
                                                                                                                                                                                                                                                                          SHA-512:D3692D41497FD9FD956C6C5150FF12C71A7775F302F12A06D3DD92FC337B8BF9C8915BBB3710B7A4D6A25497547A90F8790A1F1567CB3C3839862DA4CCD0CF8F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.PNG........IHDR.......(........ ....tEXtSoftware.Adobe ImageReadyq.e<....IDATx.bx....`.7o.d....@.....k.:......IEND.B`.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 16 x 16
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1426
                                                                                                                                                                                                                                                                          Entropy (8bit):6.942859255318761
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:BkVal1he91Wwjx82lY2T3ouVq9arXyJ3VqOcreGY8ZF6FRC+:ZqQNn2xo9eCJ3o7eL8ZQu+
                                                                                                                                                                                                                                                                          MD5:88BFBC4F725B3680A7E4D4F9AD1C2CB0
                                                                                                                                                                                                                                                                          SHA1:5CB15DAE718080AE6CC7985CE932FE2E6C09C8F8
                                                                                                                                                                                                                                                                          SHA-256:073EB1D3B1528B14F8135370D36B6E5E06784771E3C995B5A67DA1EA5E41A130
                                                                                                                                                                                                                                                                          SHA-512:599D1D28556847CAC74BDE8BAAF3A3C9A37BA58610F14263AAB4BF9DADDF20D0398D22E7A21C334DE190DBAEC320284882CAE9492D3414E57756D98079BE035E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:GIF89a.....+.u..m..s..o..w.....a..k..Q.....[..U..Y.....y.....e.._.....i..]........M.....S..q..g........W.................K........c.....O....................................................................!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:D64F810D99EE11E39A758C55FDF38127" xmpMM:DocumentID="xmp.did:D64F810E99EE11E39A758C55FDF38127"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:D64F810B99EE11E39A758C55FDF38127" stRef:documentID="xmp.did:D64F810C99EE11E39A758C55FDF38127"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 225x86, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2450
                                                                                                                                                                                                                                                                          Entropy (8bit):6.6042473155763295
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:STK1hyWwjx82lY2T3rVUKTFzCCTlyJ3VETAeTKGKRbi6yelO1YQVVVVVVVVVVVVn:NpNn2feKpRIJ3mHGV94elOS3tZXn0
                                                                                                                                                                                                                                                                          MD5:AB0D4A39E016E9808197C0C5FFAF9B96
                                                                                                                                                                                                                                                                          SHA1:94F2E56031AB85F6D4AA5276203A49B878F9BCDC
                                                                                                                                                                                                                                                                          SHA-256:F70DF2D18B25799FBD40588B4FCD20BAD4898D35C8A83CAA0004372519BF590E
                                                                                                                                                                                                                                                                          SHA-512:32D7B52252F8F172DC47762872408AB67B4B86048D972E9F7B93672A001B17E9BC935DA692E6F517DF6DE34854E15A5F0FE559C2635370CAD3DB9CB92E3D593D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x86, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):368
                                                                                                                                                                                                                                                                          Entropy (8bit):4.6064430251576685
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:mjPltlasluqnc2LBO8IW48MW1Ylk/jmMeBtCrShXlOxLsBYvl/wcd4:2P+Ec2bF5nYbNyL/Ld4
                                                                                                                                                                                                                                                                          MD5:466FBCEEEB33880C685707562DBEFE40
                                                                                                                                                                                                                                                                          SHA1:6BF2CB884D506F92E35DCF0EA24BF96404F9961F
                                                                                                                                                                                                                                                                          SHA-256:F31B0A73FE644B175CD1D770E299645A5153C566D88B15483B680511A09D604C
                                                                                                                                                                                                                                                                          SHA-512:64E8CE2866DFB14F85025496DD4B89A5E745AB3F065A7917912324C285E66A741CDD8FE8DD27703418CC9E23BD9DADE9860A35F314AAEDBDADA31F98DE8EFD46
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x86, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1197
                                                                                                                                                                                                                                                                          Entropy (8bit):5.822154442162251
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:STK1hyWwjx82lY2T3rVdFtlyJ3VCAzKGKxtA5D+3:NpNn2fAJ32VCK3
                                                                                                                                                                                                                                                                          MD5:AEF4F0E6AFF233517107739B1E9D0FA2
                                                                                                                                                                                                                                                                          SHA1:73B989EEDC37651874BB04EDFAA862DAEB810758
                                                                                                                                                                                                                                                                          SHA-256:0879DF0C6960F2D0685B480F63F872B3EC902B8A9C1D7220F82BE9C7DD059C9B
                                                                                                                                                                                                                                                                          SHA-512:BB7722072503EAC9189376FC89D09AC9B2E280B22274DD4152D27F94D8F6B9868F68BEFF15EE8936345148D7083700BF4EB8A2DB5AFB5ABF0ED545F893511094
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 10x86, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):613
                                                                                                                                                                                                                                                                          Entropy (8bit):6.256426779901082
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:2P+Ec2bF5nYzkBC5COsRfWt8UXp8YojQrexBKRb:WjJdYzkBICOsRfCjXp8YDRb
                                                                                                                                                                                                                                                                          MD5:5A6AA7A26A73E2469F281C364514290A
                                                                                                                                                                                                                                                                          SHA1:7E1C47CC7D14787AB1E869887BC1DB95BCB7A24C
                                                                                                                                                                                                                                                                          SHA-256:3B0F1CB89FEFC708EDF3583DFD8B18C2AE97A837311133A256203C179F888206
                                                                                                                                                                                                                                                                          SHA-512:282274C12EE5F1A296CA308C57FC657465BC4BF98FDF5735AB871B337120478619AD674CDE927A5DACE5B35FCD81DDFF7782208039D102FB1A10F2FD2A550C20
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 225x182, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4980
                                                                                                                                                                                                                                                                          Entropy (8bit):7.579216161828146
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:hjaNVzDpfCD4KgggWJA0tMtyfnfnf0NNNNNNi99dy:lgBC5y00NNNNNNi99dy
                                                                                                                                                                                                                                                                          MD5:88A91EAC353B103C311670FAB20DEFB9
                                                                                                                                                                                                                                                                          SHA1:D7CE0DD8748D4ACE18D3AB9C6E83B4A0F22E364A
                                                                                                                                                                                                                                                                          SHA-256:1F66070944281FEDFE03E856419B0A70DA776AA9A00B5B7873AA38214465ABFE
                                                                                                                                                                                                                                                                          SHA-512:2244247313CAE77817297ADC9269DEF2B3A5D2EDA86F74EAE64CE0235426367B1A91E3A54764F3DE363278BB85403137B77E5D7C0B5F3D0DA6C3A4FEE27318A0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x182, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1290
                                                                                                                                                                                                                                                                          Entropy (8bit):6.095079726643481
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:STK1hyWwjx82lY2T3rVRFhlyJ3VjAHKGKRbRlj/Hk0RhV8XDDC1:NpNn2fAJ3TV9r/Hd3Vuy1
                                                                                                                                                                                                                                                                          MD5:D7A1A72BAAE377F8FE782775B543D1CE
                                                                                                                                                                                                                                                                          SHA1:0D3D7194A1CB623F51B96E82205A6383A6B1D597
                                                                                                                                                                                                                                                                          SHA-256:C200FDCFB3B360D3334948D987024B4F0E5852BE5FAE7CF72D38355F514216FF
                                                                                                                                                                                                                                                                          SHA-512:29A0A4A57BB2B983ECA78CD2813F54DA139FC4D7AF06481E758437C06795C352E86DA259A694C25AB6842B5A9166B30641980D9947DD503BFBA886AD463BD639
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x65, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):388
                                                                                                                                                                                                                                                                          Entropy (8bit):4.298614456440593
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:mjPltla6QzDkmB9mMabH0tEetfitHJlJUXE6bvWJimH:2P0DkzRUBtfitVUXE8vMiM
                                                                                                                                                                                                                                                                          MD5:728838B59B34B11FFB04F0A696826DCE
                                                                                                                                                                                                                                                                          SHA1:95EBEF0CFEA4429E5708D2DF2AADFAAB14E857EB
                                                                                                                                                                                                                                                                          SHA-256:ABECC99F18DF9E07BE988F9F425F373035AED82E56B24B2F03EFF001A2C252F9
                                                                                                                                                                                                                                                                          SHA-512:C3F3B187D4028ADF1EBFE5AEF6C7EA5DBA3DC9BEA4C5E217FDA75B45B1757A6CC4D0D108E32C926BDB9967C708675922A74107444CB8AEF2EF3E607AD0665627
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x65, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):388
                                                                                                                                                                                                                                                                          Entropy (8bit):4.298614456440593
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:mjPltla6QzDkmB9mMabH0tEetfitHJlJUXE6bvWJimH:2P0DkzRUBtfitVUXE8vMiM
                                                                                                                                                                                                                                                                          MD5:728838B59B34B11FFB04F0A696826DCE
                                                                                                                                                                                                                                                                          SHA1:95EBEF0CFEA4429E5708D2DF2AADFAAB14E857EB
                                                                                                                                                                                                                                                                          SHA-256:ABECC99F18DF9E07BE988F9F425F373035AED82E56B24B2F03EFF001A2C252F9
                                                                                                                                                                                                                                                                          SHA-512:C3F3B187D4028ADF1EBFE5AEF6C7EA5DBA3DC9BEA4C5E217FDA75B45B1757A6CC4D0D108E32C926BDB9967C708675922A74107444CB8AEF2EF3E607AD0665627
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 30x28, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):758
                                                                                                                                                                                                                                                                          Entropy (8bit):6.5038676264344994
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:2P0DkfFzokEllEMYnkkWfXtlEWoZAsSisYj91iPK9wdWnmOsYxseU:TmFzokpMYnaXtS0s5JRMySdMmOsYOeU
                                                                                                                                                                                                                                                                          MD5:2399DDB6A6809B0A4D0CE1F48BDD16E4
                                                                                                                                                                                                                                                                          SHA1:0C2C1E4189E45DD0886C5C20786CF580D716E60C
                                                                                                                                                                                                                                                                          SHA-256:D66D5699DC4AEB4FE50E1366E6450D9A8D59149FA020F4F3A0CCED6033CD74BF
                                                                                                                                                                                                                                                                          SHA-512:9E53A91BCEE91BE067FBFE25CCB607292DFD24DCDC80F84F4EC966A2D32B6146561E79C627657842772E48C833921300D81A1BA24A9E642811A2D407854F6BF6
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (5955)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):248724
                                                                                                                                                                                                                                                                          Entropy (8bit):5.5689516587972685
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:qu2Pq+71vbzwHn239c/8evp2LUF1eFn+MCv522gY8pv1HxGnLP/w22uJ/cL:PAq8wH2tsKVK522v8pNHxYLn2u8
                                                                                                                                                                                                                                                                          MD5:32C937E29E94F9EAE5F0D50E1B5F376E
                                                                                                                                                                                                                                                                          SHA1:B9FD233FE7588EB7F0A4C6CB763B11F43301186F
                                                                                                                                                                                                                                                                          SHA-256:065A8BDC91D3F01F457CD6348835E5705DC731431F780900657DA394873A0F6C
                                                                                                                                                                                                                                                                          SHA-512:7391DC14499646559B8072375C5B2C97C59663828510A0DEE5D53B98F08E256A12EC9CA7AC4205FCA100571FE2F1BAE0EE91DA94619295668DA6895259A5636D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_ga_send","priority":7,"vtp_value":true,"tag_id":16},{"function":"__ogt_referral_exclusion","priority":7,"vtp_includeConditions":["list","rightbackup\\.com"],"tag_id":18},{"function":"__ogt_session_timeout","priority":7,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":19},{"function":"__ogt_1p_data_v2","priority":7,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_autoEmailEnabled":true,"vtp_autoPhoneEnabled":false,"vtp_autoAddressEnabled":false,"vtp_isAutoCollectPiiEnabledFlag":false,"tag_id":20},{"functio
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (7432)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):230521
                                                                                                                                                                                                                                                                          Entropy (8bit):5.545630022499772
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:fJv2q+71vbzwHnHV3K8ovp2LUF1er5yyXatvFv522gY8pv1H8iL:fJeq8wH1gf7tvx522v8pNH8E
                                                                                                                                                                                                                                                                          MD5:25A86C3C79B1FA63260CEE5950650DBC
                                                                                                                                                                                                                                                                          SHA1:70F5B50C45A3DF86ED7398E483969FCD8506835C
                                                                                                                                                                                                                                                                          SHA-256:D7F7D1C7568501FC76AEB93DDEE66B4B41199BF7A1F53C71C80E03D0527DB8B8
                                                                                                                                                                                                                                                                          SHA-512:F272C016CCF3EF216C255E55CAE1E22011DD5738B604DA9344834E22D9E1E64EF926403143E1B283B8904640D8C39F5DFD6EB78B06B1983034A2B26B541BD912
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"}],. "tags":[{"function":"__ogt_ads_datatos","priority":14,"vtp_instanceDestinationId":"AW-942863319","tag_id":10},{"function":"__ogt_1p_data_v2","priority":4,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_lastNameType":"CSS_SELECTOR","vtp_autoAddressEnabled":false,"vtp_regi
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):271
                                                                                                                                                                                                                                                                          Entropy (8bit):6.587710454230162
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:6v/lhP70wGgjnDsp0MA2vhGgme4OK6prgVfo7GaUDUlLzvaKy+wVp:6v/74g8RA2vhBmCps+/vaKy/
                                                                                                                                                                                                                                                                          MD5:0453FB0CE5ECEB8E013C924A8A491121
                                                                                                                                                                                                                                                                          SHA1:115950FA6EC8EAFC729C267A198619393C995124
                                                                                                                                                                                                                                                                          SHA-256:6EEA23A84057F3CF4D55DB59E11A77F8FF488C48B44D6B27A161880DA0D67C7C
                                                                                                                                                                                                                                                                          SHA-512:68340B2D3CCDDD22C22935608594BDE162AEB5DB22E98074757B2233885C76FEDEBDA460FC4B93291E1C4465AA4E0802865F1D12B6F4FF448738E556DE7F8033
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 184x72, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4865
                                                                                                                                                                                                                                                                          Entropy (8bit):7.752054515186891
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:bY28lVkpN6uLK8ZLv057FArtL+bwwZCXQVHag1wE:bEHkuo8deB14CAX1wE
                                                                                                                                                                                                                                                                          MD5:A378634EDE5E73E522E242A6928CD385
                                                                                                                                                                                                                                                                          SHA1:153DB3FD78CDC9BA6A545AC1A817AF7CEAE3E4A0
                                                                                                                                                                                                                                                                          SHA-256:EFF90EF0612A01552732DC995E2BC8265328CD03E8AA376B76A30A1EBB8E1E40
                                                                                                                                                                                                                                                                          SHA-512:BFDE15821FFE707A418A4EA41FC9ECD08A705F0B056F5BAB1DBE8B13B4404B6740C6C0AEDECAED766C1639AEE0E3799C7B9D17625409C13FDEB958758A774F8C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (598)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):5341
                                                                                                                                                                                                                                                                          Entropy (8bit):5.126249607206373
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:ARMfrtQGBmG/ugUbCgMtc9EhEkECc9ghgkgeH5ovFzxce1N1NPn9:ARMQGBR/ug0CgMtMSrNMmn35szxce1Df
                                                                                                                                                                                                                                                                          MD5:929331BCC9F7A80B78A913BB14DCFBF0
                                                                                                                                                                                                                                                                          SHA1:C0119BA81B9C094AAF2FE8886AF73CEC63AEA252
                                                                                                                                                                                                                                                                          SHA-256:4A86A3F871A6E4A63802DB15A698CB921A3F437D8A4AD61D6283DDBCA47B10A0
                                                                                                                                                                                                                                                                          SHA-512:353F9E49FB89FD2DCB877B49438EB1FFF4B3924031FF8C5AC3129EC207063589E9BF6DCC40F395134090764764DBB4646262FD04685FD1EB39C99F40B782AB04
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:./* Modal box css */..modal-outer-col{ display: block;position: fixed;top: 0;left: 0;width: 100%;height: 100%;background: url('https://cdn.systweak.com/website/rightbackup/images/1x1.png') repeat;z-index: 1001;. -moz-opacity:0.8;opacity:80;filter:alpha(opacity=80);}. .modal-dialog-box {width: 745px;position: absolute;left: 50%;top: 50%;margin-left: -372px; background: #f1f1f1;}. .signin-box{ margin-top: -195px; }. .signup-box{ margin-top: -208px; }. .forgot-box{ margin-top: -195px; }. . .tab-col {overflow: hidden;display: table;width: 100%;}. .tab-col li {display: table-cell; background: #ffffff; padding-left: 30px;padding-bottom: 11px; font-size: 16px; color: #000; cursor: pointer; border-bottom: solid 1px #a8a9ad;}. .tab-col li.active{ border-bottom-color: #f1f1f1; background: #f1f1f1;}. .signin-tb {width: 245px; border-right:solid 1px #a8a9ad;}. .tb-icons {height: 16px;width: 16px;background: url(https://cdn.systweak.com/website/rightbackup/images/popup_icon.png) no-rep
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 19 x 19
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1467
                                                                                                                                                                                                                                                                          Entropy (8bit):7.137519210371142
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:iODlXjal1he91Wwjx82lY2T3ouVA/f7AO2yJ3V4Dm6MGY88g/jX+:jDl0qQNn2xiZtJ3U2L88mb+
                                                                                                                                                                                                                                                                          MD5:1CB6A22A886F722B38108E007C63685A
                                                                                                                                                                                                                                                                          SHA1:B0AD8CC02B97979B3662ACE517234B2362EAFD16
                                                                                                                                                                                                                                                                          SHA-256:98DA589DD362D8102EB52471F326A83192F8614CD433EF1397375F1271BAF158
                                                                                                                                                                                                                                                                          SHA-512:ABBB1E2127778B42545E8EBC4758FC861FE14DA1CFE93A49BFEFD26C36660D076176C4BB798813EF97690102CFDF29EBFEEBD149F538CC933ECFADFFD3668DEB
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 15 x 15
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):204
                                                                                                                                                                                                                                                                          Entropy (8bit):6.5579037118256185
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:Cczi6HpI0htQQTvlR4RHiRaMd2UEMPYiT9tlOrRP8/l4hSScwO64Gf2NkoQC/G5C:PDzhiQTviC9dbPg15rOc25/G5ok4
                                                                                                                                                                                                                                                                          MD5:E7D84A78762B6805334AA50AD94D94C4
                                                                                                                                                                                                                                                                          SHA1:66612E76CF4257A19ADF4BD2D371819378C84A07
                                                                                                                                                                                                                                                                          SHA-256:CEFAAC1F4187B45AF8F0A16CB6C565CD27D6A8C1B8A3903E0356D5ADD8B538A4
                                                                                                                                                                                                                                                                          SHA-512:282303C69C6E9849DDBBCE902589C5F479D3DB16F576048C05C11ED8DCBC2C895B438424D6A745EB5929CC36F33EC29C9320EFB987AABEBAF0B9D1073D1876BE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 35x35, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2785
                                                                                                                                                                                                                                                                          Entropy (8bit):7.728595648552837
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:Ti1uq/hO8VeDY5BZ2NbVZaQiS+65eTS1QvU4+VrbVhn8jqMSNr:TTq/htVeDY9cnaQD5c9Yp5h8j49
                                                                                                                                                                                                                                                                          MD5:430835A861006AAA25829373DDE4C186
                                                                                                                                                                                                                                                                          SHA1:BB80FB99FC1C94BFEA415CA80E819F339D9BB061
                                                                                                                                                                                                                                                                          SHA-256:DDA5FBCC1AFDB686B58B56CD9E5C578BECC7E1279422F6D919A79F631105B092
                                                                                                                                                                                                                                                                          SHA-512:2A1CDA4405EA1BEEEE0DBD760AC3E06CBAF5831B78212FCF6DD7B2E71969F77131331D9A9F7842B13C099FA19E2B0FADDFE06AE02CBDD2C9E603BBB250520972
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 35x35, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1403
                                                                                                                                                                                                                                                                          Entropy (8bit):7.340210991905992
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TivbmEc9ehWxKwvvlr3lXt60xfvRe6Cqilor6lkwLQlR4qn8:TizmEc90fwnF180ZvDC76rKkLTLn8
                                                                                                                                                                                                                                                                          MD5:1E646DC662162EB1A039561C5D3B8E3A
                                                                                                                                                                                                                                                                          SHA1:A9996C744ECC301F7F6CB24AAD9EE959205AE710
                                                                                                                                                                                                                                                                          SHA-256:BB3EA926E388CBB51AE6FDA3E3B8AB3CA2BFEBCBFC023E35908C141536390C34
                                                                                                                                                                                                                                                                          SHA-512:BDC473A1967BF81F8A6728C936EEBB9648C058777FF9220852C8E89DEA4C633321271D0DDCB9195CD643FC37C13063D94843085CB0423AC0788F800CD7F1BA59
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 49x48, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1601
                                                                                                                                                                                                                                                                          Entropy (8bit):7.5601496645460395
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:WjJdYh/r42e1igrUCqdjhz2vOHe8T/NvL0NeWzO1mwJUlai3XIcIi9r:OJEc2O3cdjhz7He8r98KR6IcIip
                                                                                                                                                                                                                                                                          MD5:6B7C715E62F80247719B5905BBA4D8BA
                                                                                                                                                                                                                                                                          SHA1:6138C56605B69A8F79FC161E408DC49735AFE13F
                                                                                                                                                                                                                                                                          SHA-256:3C2B210B45C79C3D36A6D8DF961296A107EA6B35366761EEB38441B2F32DD15E
                                                                                                                                                                                                                                                                          SHA-512:CD1AEC315652712B5F1921C7EAAB9994993D865CEE77BAD4431073058187308BA8614694E5FEF343E00756786F965872CCFF6B1E6C74BE78CE15A7240A96269C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x18, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):378
                                                                                                                                                                                                                                                                          Entropy (8bit):4.196251415229742
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:mjPltla6QzDkmM7mMYeltl4Xbr/tqnl3uL84Q:2P0DkwLeOhqmHQ
                                                                                                                                                                                                                                                                          MD5:9E01ADC911F22CB55A3354628D76CFFF
                                                                                                                                                                                                                                                                          SHA1:11C05794DEFC548B65FCD337334133B70361EC24
                                                                                                                                                                                                                                                                          SHA-256:895CB1340C1983EB29521571130D314007CA1BDD22609EECFD014E3C72851FB6
                                                                                                                                                                                                                                                                          SHA-512:8AB3DA408CD299420BE550409A33B1FF05BBA2CFC295FBE71DEF803C1BFDC92825A784B087E8F10F293FE73E82B10410F47D26CF4E4CD8B6382264D1180E00DD
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x7, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):333
                                                                                                                                                                                                                                                                          Entropy (8bit):3.4995756401589917
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:mgslLPltlaB1lQQp/yEDpeknmRmZtndmMpa/ll215zW9pvZbp7Lsn:mjPltla6QzDkmZmMw//i5KRbp7Ls
                                                                                                                                                                                                                                                                          MD5:E8842FEF2067C957DF0C87509C75A25E
                                                                                                                                                                                                                                                                          SHA1:AAF542BBCE731D0E6D57A3C0029C5FD47F7475EE
                                                                                                                                                                                                                                                                          SHA-256:4BA3960DD801C9E19436E4829A93D36324635A79C8D2016454B0BCF3D9D458DB
                                                                                                                                                                                                                                                                          SHA-512:F75556CD5BE13E0381E81DAC332975761EBEEA63C0D46DA2290B5988D0A6B3FF0357F0248BC103367CA1B62D878462C7D009384635112D2AA181E24B0251665B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 270 x 30
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):5678
                                                                                                                                                                                                                                                                          Entropy (8bit):7.721980116823742
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:4PLLZzYnGS/n1EWWemzK2Lr1PrVkA2aIiDTdE0O9DWOnY5KXiZJhny:qLZzch/nuWJGK2LrJBr2aIiPgBWIofC
                                                                                                                                                                                                                                                                          MD5:2E25ADE0B5B2B10DBFD8A870C2D1B1A1
                                                                                                                                                                                                                                                                          SHA1:810612CFD1718229D822EFB423DA90A7AB0396A1
                                                                                                                                                                                                                                                                          SHA-256:471802376C0205918798B6D3DDE1D6742901B85D23906883BF6D1C1C10CAC079
                                                                                                                                                                                                                                                                          SHA-512:AA2624A2207C2E604F919D98093999B726633E01AA201C08389B9B26BAA3D33E6FEE301EA6806ECA26C6FE2CC4CCBC6527BCCBDE8C8055B79270E1140191D0BF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 9 x 9
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):169
                                                                                                                                                                                                                                                                          Entropy (8bit):4.988495305925352
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:CMJLbaCY/dsKeXE3EhSl8JfiaaOLzl7/lY2UGVcn1sBFe1FHsksonle:/xbdZKuE+J6aaOPlyG6nbE
                                                                                                                                                                                                                                                                          MD5:89CED3FB0DEADC9E11DB44ABD6C322D8
                                                                                                                                                                                                                                                                          SHA1:85D0DCB88E51E7E086BC5D94B8987C788E502C93
                                                                                                                                                                                                                                                                          SHA-256:CE4B40403749F12AC68BF3460A6BD56A160519F50D1A37F13666A174FD064138
                                                                                                                                                                                                                                                                          SHA-512:FCADAE3404AA4D59D0943EA6FA4144DE72C9DF73D5D95840CA159B027C651959064EF87A0715BB5FF0F81360E8CD7758691733B6F010989591C4E22148724A39
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 9 x 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):51
                                                                                                                                                                                                                                                                          Entropy (8bit):3.7666714321693266
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:Ck0o8R/l7/lRhlen:XWlbe
                                                                                                                                                                                                                                                                          MD5:6D887D0D15161B2CAEEDFD48F4F25DEC
                                                                                                                                                                                                                                                                          SHA1:00958B93857DA0AB37241027AA9F74D4F470F320
                                                                                                                                                                                                                                                                          SHA-256:501A64844D26B44552936517694DD886D59C33131028465C3489C08068922B96
                                                                                                                                                                                                                                                                          SHA-512:5872299230FCD13BE1A2D7222E1F46EB5C841D4A6CF89C323FF8FFEED645BFCF486C4E30FF459563F5DA368ABDC62CB721FF87618BAD972244A03BDB813A25B0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 9 x 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):51
                                                                                                                                                                                                                                                                          Entropy (8bit):3.7666714321693266
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:Ck0o8R/l7/lGb:XWl0b
                                                                                                                                                                                                                                                                          MD5:21CA5EBC62AACA81ACDBA2DF14C4570A
                                                                                                                                                                                                                                                                          SHA1:1C22C4608C4A0E0254BB703330AAC18DF67C23F7
                                                                                                                                                                                                                                                                          SHA-256:0B1191A521823F36588F939D89DE639E62D4CB3214FA9DEFC288439B215C9738
                                                                                                                                                                                                                                                                          SHA-512:08CFD086E1C12CC8618B02EC5ED1AA85B288EF8CE4970D9C35370E30DAA8073AC70669D29C7B91A89D2FF839DCAF46E29AE92F9D526DA5727E8649318DC5A8B2
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 9 x 17
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):184
                                                                                                                                                                                                                                                                          Entropy (8bit):5.278086123933448
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:CUz1AU/aHnSWje9StLpRK8QV/Nzl7/lPgQePl9F023h2j4jautoG9uNwNen:HhAYsSUSep4XxlG9n02WQaLqKwMn
                                                                                                                                                                                                                                                                          MD5:9F655D0CA1A4AD5C342000D52AC4C925
                                                                                                                                                                                                                                                                          SHA1:A2697DCE8E59792DFA34395B41DF98B48231C0B3
                                                                                                                                                                                                                                                                          SHA-256:00BCC29E6069D659FDEBAAE87E17BB127902E32BD809E7786DA666EEBAE07753
                                                                                                                                                                                                                                                                          SHA-512:71071C03F4BD586F1635661304688D429F8A8B20E978C7C14287A165B15A5A868F2F87DDB4155A3D6A3B5177FA2FFC719CB6A0A8D144A37780D5CB3444C3612F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 35x35, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2708
                                                                                                                                                                                                                                                                          Entropy (8bit):7.71117668408159
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:TihMTza2vu/TYBX+ZhGBfwJWK2R2ppit/Tb/UAd+1YDxDMupbAEsvOAcKh8EJoNh:TbCL/TwX+nGJl4bit/f/T+utDpbsvOPt
                                                                                                                                                                                                                                                                          MD5:03EB115AA265A6708BDF7CFFAFD4489B
                                                                                                                                                                                                                                                                          SHA1:CA225A1C8C3BAF6759082451EBE61ACC0D2223E2
                                                                                                                                                                                                                                                                          SHA-256:ADB7E8375DCDFC48F0A671E0D92DF1BB16213F4429C12F5CF2EA7AFF80312680
                                                                                                                                                                                                                                                                          SHA-512:06A44ED830865F62B6CE4F465A9ADCB841A818F09618582E9292C165EC46EFA27C6C5FD7ABF622B3ABA15AD58C547036C4F7DE2716DA88BF7532657CAE338E02
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 35x35, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1338
                                                                                                                                                                                                                                                                          Entropy (8bit):7.304771537139327
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TivbCF6TfgMM4AyB1BU92ZXHGBsgTnl+znMa7RsxgrsaavDI8:Tiz9TYFNEw8Z3GBsgEMa7RkaarB
                                                                                                                                                                                                                                                                          MD5:588A4F474047F6E88FE416C90ABB4C8B
                                                                                                                                                                                                                                                                          SHA1:6B81F65A2CEFFF17B8727B4E9D64824BFE5ED7C7
                                                                                                                                                                                                                                                                          SHA-256:BF99B8AE1D8E607F2FA9AB1B4CA24CB5FF859986400EB91E1CE9AD4EA474CC27
                                                                                                                                                                                                                                                                          SHA-512:5FB594136BBEA3EEEBBBDF0BFB53F39BAFFCF6F7D15E45C3C31711017FDFDA640480FE646C07164AAD506E73F6B7C4DB9EA835EE67535F039C26F21A66D92506
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 6 x 97
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):361
                                                                                                                                                                                                                                                                          Entropy (8bit):5.807736846063713
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:Mt1zKx6zTR/W8lNwH/mZxjxlpn+Qkzcp/iu4ZbCVe:iuxiBz/wH/mPjro74pq3ZWVe
                                                                                                                                                                                                                                                                          MD5:A415EEE9576685DB65120FA7064F9DA6
                                                                                                                                                                                                                                                                          SHA1:9CB2B71B1EBF2C1B593525D618C9F10FE058906B
                                                                                                                                                                                                                                                                          SHA-256:EEF20C5D7F9E6144EBBAB37030C6DA0FCC84D268E4ABE911A4183EF2940AC98C
                                                                                                                                                                                                                                                                          SHA-512:C3CE085FC6D21E623197BC555A22CF7CC1C409B0583E9CA31B6899A632113985FBCFB5EF12F5BA5CC683EA67B62B917B1FA4CB09392F76AAB68EA251CAAAD840
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 6 x 97
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):361
                                                                                                                                                                                                                                                                          Entropy (8bit):5.807736846063713
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:Mt1zKx6zTR/W8lNwH/mZxjxlpn+Qkzcp/iu4ZbCVe:iuxiBz/wH/mPjro74pq3ZWVe
                                                                                                                                                                                                                                                                          MD5:A415EEE9576685DB65120FA7064F9DA6
                                                                                                                                                                                                                                                                          SHA1:9CB2B71B1EBF2C1B593525D618C9F10FE058906B
                                                                                                                                                                                                                                                                          SHA-256:EEF20C5D7F9E6144EBBAB37030C6DA0FCC84D268E4ABE911A4183EF2940AC98C
                                                                                                                                                                                                                                                                          SHA-512:C3CE085FC6D21E623197BC555A22CF7CC1C409B0583E9CA31B6899A632113985FBCFB5EF12F5BA5CC683EA67B62B917B1FA4CB09392F76AAB68EA251CAAAD840
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 1 x 97
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):72
                                                                                                                                                                                                                                                                          Entropy (8bit):4.077900977034687
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:C0lfthyho+C1zl7/lftnKnVlen:/+ZQlXyVlen
                                                                                                                                                                                                                                                                          MD5:70AF555D2EC71BF947C31A5CEBDF3509
                                                                                                                                                                                                                                                                          SHA1:7AFF59ADD6171E88FBD2E7409C13AA5A388E69A8
                                                                                                                                                                                                                                                                          SHA-256:860B80D0542B29910296D4A2EB93D43949A69B2373913409DB0357054B0DB093
                                                                                                                                                                                                                                                                          SHA-512:853F5D05D5C38743116B9D9639B6F51D91F919F742CFC0987E3E806AA7FA25FC5D2E07E31696CF9CC3ED7053A911EB9A948ADD4C8A3630C1E8F92FB758CF98AA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 6 x 97
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):248
                                                                                                                                                                                                                                                                          Entropy (8bit):6.266950040198473
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:Chh/7VvIyOIyh9J16SiN/3DXlzl7/lvuwMt8T7y14K7YOuzKwVKPOBmiD8cickIr:uD3yh965zlg5am4DOu+HOEO8ciLIto2
                                                                                                                                                                                                                                                                          MD5:3B16AEBCEECE1D8C00F41014861587A5
                                                                                                                                                                                                                                                                          SHA1:A215CFFAE6761DFF4519A9DC4382E084A72EF08B
                                                                                                                                                                                                                                                                          SHA-256:B921B38D1733A612263CD1C1A8517BB9C2C3B2B6E09AF4C565A6E5A9453F6020
                                                                                                                                                                                                                                                                          SHA-512:679376C3E6590D93434F931F3A1B39A3DB8F25243327151D1D4E8D5D724072E8ACE6E54A07168C967E168C96E3480D1320BD2503B6EE166C87BDD8E7C04DDC42
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 16 x 16
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):547
                                                                                                                                                                                                                                                                          Entropy (8bit):5.264253085078472
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:Nc+0/p+X+YgngeSYcJ8wbDpztKf14NeDk15PciklOg0ut0P2bFr:eL/QvYRcSwJh8Lg1RoUgZiebFr
                                                                                                                                                                                                                                                                          MD5:B9C6CEBF4E81F32575FEE5A7E1295DDC
                                                                                                                                                                                                                                                                          SHA1:E9943FB841A5DD5D4D2EEB6B4A314AA123517740
                                                                                                                                                                                                                                                                          SHA-256:2922BE442C2C3784B4287532F1944E5A122BDF736EB7CED3FE1EB348F9941E18
                                                                                                                                                                                                                                                                          SHA-512:4E1348C1520B6B44CB0892F39F88279D5090321118C6AB558FF2A1F3842B9AB6F6F77DACC2F395BBBA4F5D0420BA682ED766FE508826769AE357BB3B9A464D11
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 35x35, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3466
                                                                                                                                                                                                                                                                          Entropy (8bit):7.640829682387884
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:SqQNn2x2J31Vi7XTEEr3P/B7vDGqJZhzPrBxZNk2GGBTdn9aGm5kxu4cq7NuK:bY2cVUr33BztLrBxZNkVY9ahHmuK
                                                                                                                                                                                                                                                                          MD5:4AA16C1037C44D40DD35E9CEF4584EF5
                                                                                                                                                                                                                                                                          SHA1:729CA7BF931E81A0FBB9A1B0719AAE284F562C3F
                                                                                                                                                                                                                                                                          SHA-256:5F44F76DC101DB113422D4DCC25AB612BB446E7E364D43A6981712638A44B245
                                                                                                                                                                                                                                                                          SHA-512:C2B1229D631925F3B4E6DBDB3DE5A5CCB52627480F7C7329AFA51DA58ADAF0B3415378B915F803BF51299A10260CF1D5229A0E377783F8CC30B0E348FC85546E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:......Exif..II*.................Ducky.......d.....+http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:E40A56FDBE3B11E382E8AD10D940968E" xmpMM:DocumentID="xmp.did:E40A56FEBE3B11E382E8AD10D940968E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E40A56FBBE3B11E382E8AD10D940968E" stRef:documentID="xmp.did:E40A56FCBE3B11E382E8AD10D940968E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 15 x 15
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):327
                                                                                                                                                                                                                                                                          Entropy (8bit):6.533887865527143
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:PSZO/mRFwH36XdtAa+JKw2YBDkKALXUtLjgu9uVHFF9t7+JrWc:P4kXsl+JKjdKscLB9upF7t7arf
                                                                                                                                                                                                                                                                          MD5:791EC373D30FE6B62647A78CBDE61D71
                                                                                                                                                                                                                                                                          SHA1:1E5831F5DC9DD0B84C17927DB03008B1D6E88BA9
                                                                                                                                                                                                                                                                          SHA-256:171B130E505C5907A6D423B0C3A00E6AD7C0C8982F8002F596BEEE8549C3F765
                                                                                                                                                                                                                                                                          SHA-512:03DEB32A4E24EA91308DFA5779225A654EF021B3ECF6B9CA3862021C15D5BE15FFFF691E40F111992C45729ECC3573E5D2FF3CB3857BC09DA2085AA5E990A227
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 8 x 1, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):111
                                                                                                                                                                                                                                                                          Entropy (8bit):5.070266161309459
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:yionv//thPlvutJHrtRthwkBDsTBZt0AVuftsup:6v/lhPkxnDspLAeup
                                                                                                                                                                                                                                                                          MD5:F31C9E93B120F0AD4FCE12CA4036429B
                                                                                                                                                                                                                                                                          SHA1:ED1AC2F94AEA244FF60C581144F2D78505CFE6DE
                                                                                                                                                                                                                                                                          SHA-256:36502C43CB1FB1C941D66A99C55213DDCF62BA1AE5658150A63A1333FDF76267
                                                                                                                                                                                                                                                                          SHA-512:4A9C04ACFB64A2E2FBCB9EEC7E85917B9668FA6D58C94E7307F67E925481911A84CFA2975F9906A6877663147C5BA98ABB1AD62180216FA8261A5F6111FE7013
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 8 x 8, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):210
                                                                                                                                                                                                                                                                          Entropy (8bit):6.344702720190182
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:6v/lhPZ7nDspRASVPgkuRqTRbGzfyddDQMsUdp:6v/7RUomPhuGIE6O
                                                                                                                                                                                                                                                                          MD5:E54751215667E0A5E98C2A4A963F0B39
                                                                                                                                                                                                                                                                          SHA1:558CBD9217663E87BB58772923E0926FAFF0E8E0
                                                                                                                                                                                                                                                                          SHA-256:B4950808D79EB679E3B0ECC6C14F44416F1588C37BEB88CD852C37856FBA0783
                                                                                                                                                                                                                                                                          SHA-512:00BCBE15428887BC333A3B8C3C86C97D3B7C5280A2141F61870A8C8796C7840BFB3A3AFF2291F84C76830D6C20C0B7F97DCEAEA26B8830DFE7FEF62BB44C3945
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1676)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):7449
                                                                                                                                                                                                                                                                          Entropy (8bit):5.35860433799558
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:9ZglSUeKMkQxpJL2wLIaoB7FjayqTKYI1dL:9Zix3MkC3L2w3In
                                                                                                                                                                                                                                                                          MD5:3FC9E790E0B9941E8C7A20B0832E2139
                                                                                                                                                                                                                                                                          SHA1:3A0BF72FDBAC019EFB1B41B4109E863B05A7ACA4
                                                                                                                                                                                                                                                                          SHA-256:B86EFEBAAB5B0EE1DC91A18343C03480FF5B3873D0AFB8D8B409C3B5AEED8543
                                                                                                                                                                                                                                                                          SHA-512:310190C8FAF2F3D0ACFF1CF3ED9C328B9E461396ED2B94557007314F9A4E9A11D5D812BE20B0BF6F982EE77BAB8740A798F2D77870373E425E61ACD594D46424
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:if(getBrowser() == 'IE'){.(function(a){if(typeof define==='function'&&define.amd){define(['jquery'],a)}else if(typeof exports==='object'){module.exports=a(require('jquery'))}else{a(jQuery)}}(function($){if($.support.cors||!$.ajaxTransport||!window.XDomainRequest){return}var n=/^https?:\/\//i;var o=/^get|post$/i;var p=new RegExp('^'+location.protocol,'i');$.ajaxTransport('* text html xml json',function(j,k,l){if(!j.crossDomain||!j.async||!o.test(j.type)||!n.test(j.url)||!p.test(j.url)){return}var m=null;return{send:function(f,g){var h='';var i=(k.dataType||'').toLowerCase();m=new XDomainRequest();if(/^\d+$/.test(k.timeout)){m.timeout=k.timeout}m.ontimeout=function(){g(500,'timeout')};m.onload=function(){var a='Content-Length: '+m.responseText.length+'\r\nContent-Type: '+m.contentType;var b={code:200,message:'success'};var c={text:m.responseText};try{if(i==='html'||/text\/html/i.test(m.contentType)){c.html=m.responseText}else if(i==='json'||(i!=='text'&&/\/json/i.test(m.contentType))){tr
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 3x187, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):475
                                                                                                                                                                                                                                                                          Entropy (8bit):5.48329759292983
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:2P+Ec2bF5nY0HNb/IOyIcsCypG/+jLlxRob:WjJdY0tb/IOyIxQ+2b
                                                                                                                                                                                                                                                                          MD5:0B4A6BB754AFDA08B6FBD49BA1EFA169
                                                                                                                                                                                                                                                                          SHA1:A21090F1CE6BAE2E4694F2E07DD21572DF18CCE8
                                                                                                                                                                                                                                                                          SHA-256:A840D3858CDB1076474B6B7E7D1B0A8C89231FDB684ABA938D14CCC832F8AF70
                                                                                                                                                                                                                                                                          SHA-512:FB275DEA5A81F17A3559404563C01AFEEEEE59725F39CA4AB4E7E4FC1C9CF5DCC290E05948D92F6FB8542F20A41FAAB08B1017A76EA7A902D236519C0DA9EDD5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 79x56, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1283
                                                                                                                                                                                                                                                                          Entropy (8bit):7.2418663649237915
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:70o0XxDuLHeOWXG4OZ7DAJuLHenX3TTHsUzyoELwVmjLg5ZNAb+Xz9lW4p39ljF6:7FuERAFTxzFEGmjLgKb+DrW4p39ljEDj
                                                                                                                                                                                                                                                                          MD5:6C08547571B06B162F29ED979C2759D2
                                                                                                                                                                                                                                                                          SHA1:59D2C0457595CD9456BE13871B56EBBA61056EDD
                                                                                                                                                                                                                                                                          SHA-256:C58856C3D53549215EE7386434212DA798BE24D5B359580641F0FF9CA9F9C49F
                                                                                                                                                                                                                                                                          SHA-512:C248F7844610A5DEC6CB0D5A3A6F0CB4ADFBE7BEE3ABC5EA01937CE103E7FBCD17118EA4E8855861F4E34B4ED980EDAFE94502FBE70B6E62E59D24FFBD91CB12
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 50x221, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1697
                                                                                                                                                                                                                                                                          Entropy (8bit):7.350329349187674
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:Tx21oZo/bvDsQCA56U9ainUbWaPVV+A8MoPMp/XLgTtXKXeVhVhKZAw6hNNw3rDj:T8mZoR9ainhaPb1dTkUMrNK3rDAEf
                                                                                                                                                                                                                                                                          MD5:F3348F91D1874259B7E583C018F386F3
                                                                                                                                                                                                                                                                          SHA1:35AC0AC73F11772C2B5DFF8B56278EC409C790D7
                                                                                                                                                                                                                                                                          SHA-256:B42A6CDA65686CB93B9B55640336C5DF4242E6BC5AA8A280F1013C46D481E061
                                                                                                                                                                                                                                                                          SHA-512:4E3CCF80BD42D81CE47DDF1E08BB02575AC1A2CECD5290D32E4ADA651A75F76481A30F3E7FE0B69BE81411258D7483A74FCAE7A5768F26BED40E2DCD0ADAC1DB
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 13x13, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):558
                                                                                                                                                                                                                                                                          Entropy (8bit):5.699463545646349
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:2P0DkTLMvgs7tkr1PIHIHFDRJ280vQmoiUlJRKRX:TmL+tg1fZRJ280v0iyYX
                                                                                                                                                                                                                                                                          MD5:D7010E4FF5DCECD4CA9539D48FFE7E14
                                                                                                                                                                                                                                                                          SHA1:A4E596326110AECD1CB95AA1CF0E9A72B28D8D9A
                                                                                                                                                                                                                                                                          SHA-256:8F1F05217E8423CEC1AB1B0EB098176FE65923A38C60F60EE60F1C6FD44DA04A
                                                                                                                                                                                                                                                                          SHA-512:36BFCB6D848DCB7888E51519BF8A8825A98D3657FDD08B31B5FF7164CC0D9FEE5A5F3F0AF409EE8C5360745764E5027ACD0BB514FCE6BB167E51A5CB438B7D52
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 31x36, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2517
                                                                                                                                                                                                                                                                          Entropy (8bit):7.395276027659651
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:NpNn2WGJ3RVpvT7v30kOWidlqUau3/micLDTm0fPLRO2w:921VBT7v3TiqFuPcnq+dw
                                                                                                                                                                                                                                                                          MD5:CFE9DC9C8B3CC6089EA521659FE5E8F8
                                                                                                                                                                                                                                                                          SHA1:2FF2006511AB1A6E5073D7DE3EB45536B1E60121
                                                                                                                                                                                                                                                                          SHA-256:841146907493667DCEFB3EA1D3F8BACB1D4481EA3D47FF849B80E761B42E8C9F
                                                                                                                                                                                                                                                                          SHA-512:226D4971E4F7F1A83649FB8A34203CC58E3E1716556F521D4751642025B473F8C934D2682812E86311CDC45ED1CAC0DDBDF7324B77DAD34D5289D6BCEEF1574B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=49, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1], progressive, precision 8, 1x49, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):29473
                                                                                                                                                                                                                                                                          Entropy (8bit):6.171015911554807
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:8+YNg757i8QYNg7XGnXiKv51kmBJqkWAy8zYH6tEyj45zDiY6HcfnB0h:8+Yyd7kYyrGjhCkvzYHQEQf7h
                                                                                                                                                                                                                                                                          MD5:B08E530836F1C5FE740A084EBC0A0DC3
                                                                                                                                                                                                                                                                          SHA1:5968E375212BBD0325F1F12F6C9F9442EDA5C334
                                                                                                                                                                                                                                                                          SHA-256:1D05DEAFE549E92482AAD471CFD9D07006373EA48009C9B0B5D698CE153AB433
                                                                                                                                                                                                                                                                          SHA-512:AEB2C03791EA70297F018C53587E7DEF767A86B2DEA7956495801302190787EA7700E945108DDF7EA6BF3022C98715C8D2F242241640EDF40E735975CE7A3665
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 12x36, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1781
                                                                                                                                                                                                                                                                          Entropy (8bit):6.998674608255233
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:SqQNn2xtgrJJ3DNXVa/RIgxtFJZJBh6PwM95o1:bY2QVa/RImpbiPrQ1
                                                                                                                                                                                                                                                                          MD5:13C0424E857344B8D560D2856F848FFA
                                                                                                                                                                                                                                                                          SHA1:0CBB55D91A1D9B5B86AC3D560C58D1ED56DF85E4
                                                                                                                                                                                                                                                                          SHA-256:461C1A406626D2FDA6A4EBDC4C8A055BECD974F0AEE80C8A780010899F78B45C
                                                                                                                                                                                                                                                                          SHA-512:D8B88F0AFB6CD16BBB5868C3FC07E0DE3DE345EF43BE9DE9E45DE4364C6F1D8CAAC9D864ABC15990BAEE095F76F5C838F911EF10AE32AB343E34E67D3D1B09C7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 204 x 43
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3050
                                                                                                                                                                                                                                                                          Entropy (8bit):7.674855505563946
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:rqQNn2xkb1brJ3mbQZbpL8OLyuNF/Cz7SnHBLik+LWFY3P0rUxVqHLVeB7F4:2Y26b1bcbQZbpMkF/U7MhLiDLHP0r4Fa
                                                                                                                                                                                                                                                                          MD5:8C6ED123B24C2368EB6CDDC5A8BF6A05
                                                                                                                                                                                                                                                                          SHA1:EF49FB19B21C93CDCFC93E32C2091D5A57F1256E
                                                                                                                                                                                                                                                                          SHA-256:07E76798FD57BDE57AE74741F39FCF384450E32302F2190A043F98968AE59C80
                                                                                                                                                                                                                                                                          SHA-512:58C53D7A0B0471802665F47CEC7C67F24BA1C3C9A6073CB2F9A678C42E6899B3062F25718EB72D7FC203FC14D34D927E6CB27D83CF35EC4293BF7C4F9986EF19
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):194
                                                                                                                                                                                                                                                                          Entropy (8bit):4.740984292214869
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:q43tISl6kXiWHiHuwWSU6XlI5LP47eIpfGu:TPdHiHZVvlI5r4NGu
                                                                                                                                                                                                                                                                          MD5:EC0F2D6D8DA7997A10F72A2537729E59
                                                                                                                                                                                                                                                                          SHA1:D6B8CA36F266D92775F5B757E65B8C10C747C30A
                                                                                                                                                                                                                                                                          SHA-256:95E1144AE5FABA1D6EA1AC58B29B1E8D0399125E4DBC6A17D50D0BF5CF3BDCF8
                                                                                                                                                                                                                                                                          SHA-512:AC07FCC825E53146730E857A4187AE906AD1F9F3B0B149488377218328D1315096E6068181C76BC95219B7D9AE2B7E91BA4923EB502E684371E313BA952EDA8B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body bgcolor="white">..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx/1.14.0 (Ubuntu)</center>..</body>..</html>..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):9609
                                                                                                                                                                                                                                                                          Entropy (8bit):5.088634204968687
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:uilLJZ/t1RIJKBaOb5kZLTCb7MjDke/JSZaM9Odwz/Yh:pZNIQDb5uTCb7MfkeB9M9OdwLY
                                                                                                                                                                                                                                                                          MD5:07DF8D53CD9ED64B6C8485E8FD2C87A1
                                                                                                                                                                                                                                                                          SHA1:21AACA6E02B682E7BD4BDD6F9EFFC597193ADDEB
                                                                                                                                                                                                                                                                          SHA-256:3F64382088A3A1BBA7A19B673BAD54163630010885A4FB2AD8DC0F855EE95A1B
                                                                                                                                                                                                                                                                          SHA-512:893DCBA1E558C052E9B422C9AA7F605518C4C3C87CAD4B4BCBEDD42DE253C28BC887728BD0B17BEFDE0BF168FBBFCBDFBFB8AD94B87685FE6B071AC7DBB4D128
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:body{ background-color: #f6f6f6;background-repeat: repeat;}./* Header css start */..top-header-row{ background: #000000; padding: 21px 0 14px; border-bottom: solid 1px #4d4d4d;}..header-menu-row{ background: #323232; border-top: solid 1px #262626;}..header-menu{}..header-menu ul{ overflow: hidden; margin-top: 3px;}..header-menu ul li{ float: left; padding: 3px 15px 6px;}..header-menu ul li a{font-size: 12px;color: #dbdbdb;font-weight: 400;}..header-menu ul li a:hover{color: #fff;}..header-menu ul li.LightGrey a{ color: cadetblue;}..support{ border-right: solid 1px #4a4c4e;}..signin{ border-left: solid 1px #000000; }..header-menu ul li:first-child{ padding-left: 0;}..header-menu ul li.signin a{ color: #d1ff57;}..header-menu ul li.signup a{ color: #00ccff;}./* Header css end */....footer{background: #000;border-top: solid 11px #1570a6;}..footer-menu-outer {overflow: hidden; padding: 20px 0 27px;}..footer-menu-col {float: left;}..top-link-col {width: 175px;}..footer-menu-col .heading-6{fo
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 10 x 10
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1211
                                                                                                                                                                                                                                                                          Entropy (8bit):6.747340888194936
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:Pp1al1hI+Wwjx82lY2T3BkVdMraaSrFyJ3VMr7MsjrqGY8y6l:ReWHNn2qQra1r0J3qrdjrqL8yw
                                                                                                                                                                                                                                                                          MD5:100EC2B99D956D35C7A5FEE00565BFD2
                                                                                                                                                                                                                                                                          SHA1:E0EEBBFC68B5DFF11CF97806025B7583832F4D91
                                                                                                                                                                                                                                                                          SHA-256:1C99729F57B05A1ADA556A75C961CF66FF8051AB7D49B1958493CA8C08C8895F
                                                                                                                                                                                                                                                                          SHA-512:3BC2226B53B8677DBB74EBCD7471CF80B634C3163DCE0C4DE03B08F0B0ADA72BEDF09FD16C20A96F5BFE709910BE12FA573976F04688A05FA74E23E3ACBAD997
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 166 x 53
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4133
                                                                                                                                                                                                                                                                          Entropy (8bit):7.829445839884689
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:2eLaQhx1f3wiw1eMdEISTbq+D0T6lvTS2euC:LOoz28JIST2A0TKGuC
                                                                                                                                                                                                                                                                          MD5:10EAEC1445E0F0076343D197BAFB31E4
                                                                                                                                                                                                                                                                          SHA1:67634F29BEBD2298C481BAA352055BAB265470E7
                                                                                                                                                                                                                                                                          SHA-256:2C5CC3C5647A732C874E03223B42185177AF0687A0F02F6DDA87EA9C416D9E61
                                                                                                                                                                                                                                                                          SHA-512:C1497BF3AFFB1FB1F0AB0360B914F7CE03833E7752A04DACB1A14BF3AC454114E1C7D9EEF3FF4699CF1FB2F73ABDDB45649C6331111B1BE9D47E04D10A4404C5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 14 x 14
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):183
                                                                                                                                                                                                                                                                          Entropy (8bit):5.377128459525108
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:ChXcXWkvUTV13TCzdR3XNylEJ9lnOiN8+ttiop0/glEn:wXhkvUTXGzd9BJH9N8+tIo+n
                                                                                                                                                                                                                                                                          MD5:3DE7B536897BCEA6A56B4F60E92C9235
                                                                                                                                                                                                                                                                          SHA1:761515517A74AA5E2C23B2DF2CB010744349FE44
                                                                                                                                                                                                                                                                          SHA-256:F8459C1E96F476828E4F05B9D7E25548ABEDA26E5364864070F5B586778C8861
                                                                                                                                                                                                                                                                          SHA-512:AE0831737BE24541B3C78CD079F4656F7A83F5B24529DEAB96F3E706A52D8A787A7D7DFA94C85493562347C9A54994C9EFABA92ADA32624D61A03D8B3FAA3D4E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 210 x 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):79
                                                                                                                                                                                                                                                                          Entropy (8bit):4.38325913202526
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:CdHThYqOFzl7/lTkU2QLaFbFSn:8TkBlhsQLaFU
                                                                                                                                                                                                                                                                          MD5:D626A6C89FFD55872CC793483654F2CB
                                                                                                                                                                                                                                                                          SHA1:CCD125F5286876F6F1218C36F3B31C91E9B242F5
                                                                                                                                                                                                                                                                          SHA-256:B514FCCBACA6BABB6F6DFD28183DD660B348730677AB67ADD1EEA3F52EC94CB1
                                                                                                                                                                                                                                                                          SHA-512:3044308BF1A94777EA17B60F31F8DBEDFF53077D60591BD0D80D46B18B94448D9A6CD9AFA59D8101F9AEFB2884CA33B00863F772AF30A73CAF07D393A780ED7B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 210 x 84
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3595
                                                                                                                                                                                                                                                                          Entropy (8bit):7.654710595609767
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:lIW10z2uLcnv7e99EGef3ucqHg0ctSkgrXO5bUwbPk:W5SnnC99EGefsHvcisbUuPk
                                                                                                                                                                                                                                                                          MD5:AE8BE9E73C91224A70D9E1A117B2A88A
                                                                                                                                                                                                                                                                          SHA1:4D2CA2B08A78B4783DC158B5BAE6EF3EE22E76A0
                                                                                                                                                                                                                                                                          SHA-256:65A58C423B3F9EFEEA1FC5C14240A4B42050E362B882B30B113C43D8AB1C27B7
                                                                                                                                                                                                                                                                          SHA-512:BC18C6FB6A5957D0775F154FF368E374C1637E39CC113EDF7D92F77F335D21AEE4AF42E8D61F53BF985C4925A0ADC2A9FEB346CE0EA249AA76A9D8ECE809AC52
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 246x43, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3460
                                                                                                                                                                                                                                                                          Entropy (8bit):7.602208474352046
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:mPPf1bdh0pbpbpbpQ18onGRCrotVHX2PrEF:zVVVGjnNUPFF
                                                                                                                                                                                                                                                                          MD5:1EFA477832D951898F8AD2DD8EF1CE11
                                                                                                                                                                                                                                                                          SHA1:6D624B6147786C2073F4948744FE76526A694911
                                                                                                                                                                                                                                                                          SHA-256:286EFB4769909CB870690353CED248046316A694D3A817B8B697D1675CB574BE
                                                                                                                                                                                                                                                                          SHA-512:88F7FA51DD0B5E91B3E609A9158ABDBD10C8F7F7B007255C784B28C6FA85B30D984B15491771EA4CC78DAEE8AC5AA4CFBC98AF4F08DD4FB2AF2CA8D3B3AE21BE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 246x43, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3460
                                                                                                                                                                                                                                                                          Entropy (8bit):7.602208474352046
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:mPPf1bdh0pbpbpbpQ18onGRCrotVHX2PrEF:zVVVGjnNUPFF
                                                                                                                                                                                                                                                                          MD5:1EFA477832D951898F8AD2DD8EF1CE11
                                                                                                                                                                                                                                                                          SHA1:6D624B6147786C2073F4948744FE76526A694911
                                                                                                                                                                                                                                                                          SHA-256:286EFB4769909CB870690353CED248046316A694D3A817B8B697D1675CB574BE
                                                                                                                                                                                                                                                                          SHA-512:88F7FA51DD0B5E91B3E609A9158ABDBD10C8F7F7B007255C784B28C6FA85B30D984B15491771EA4CC78DAEE8AC5AA4CFBC98AF4F08DD4FB2AF2CA8D3B3AE21BE
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 246x43, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3253
                                                                                                                                                                                                                                                                          Entropy (8bit):7.491195740243795
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:mqWHvn3ydvJ3UnxnmO1FRxHKRxHKRxHKh71Mj/VEJJJJJJGMbqL:mPPCdwhmOFxHWxHWxHE71MjaJJJJJnE
                                                                                                                                                                                                                                                                          MD5:94AD9C8F95F04D81B89F78193659A074
                                                                                                                                                                                                                                                                          SHA1:E78FBFEA3C31FF0A52F8E88F0BC4AFD75C2EE2D7
                                                                                                                                                                                                                                                                          SHA-256:C444A5EDBB6B7FDCFB1B768DC1355F040B02A4F52456019DC0169E730B1467A6
                                                                                                                                                                                                                                                                          SHA-512:831E6ADB4ECBF3EEFBEEEC661B4B84E5A032A112B1F5F884DAFCE91B6C5807C994A26D95673D54E6C4C7FF26F35FF08891B3FA94BB22A23DFB24499569D4C764
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 15x53, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1469
                                                                                                                                                                                                                                                                          Entropy (8bit):6.643691162514245
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:/tK1hI+Wwjx82lY2T3BkVqM3hyJ3VqmLk3YGYGsvEtfsiwxjPoduxoNMS:/qWHNn2qEEgJ3ECcYvwwJwdui
                                                                                                                                                                                                                                                                          MD5:E76644C4CF5658B2176D764284858068
                                                                                                                                                                                                                                                                          SHA1:2EA01603BE5CAB32C15578A04C43362E62712BBA
                                                                                                                                                                                                                                                                          SHA-256:B75AD0CD5B7DD7E0E57DC58E84382E4AC826CB49ECB7BD06010E5E92FE0507DF
                                                                                                                                                                                                                                                                          SHA-512:677B24DAC82D8A66CAA91B553AEE2DECD5853D7734E99422B9418C30654315C1D7F270A52FC037C2DE6FA8FD713131418E88C9FFD34C1CDF1A2F6C1790CC3128
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x53, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1228
                                                                                                                                                                                                                                                                          Entropy (8bit):6.137083134740419
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:/tK1hI+Wwjx82lY2T3BkVSc9gc9yJ3VsczMB4cyGsO4sOZd/5I:/qWHNn2qiJ31Nbd/5I
                                                                                                                                                                                                                                                                          MD5:444ADCCE83FED8BEEDA5C2C8FAF46A9E
                                                                                                                                                                                                                                                                          SHA1:7509312BCB2E109B64DCAA25C2133DBB09A101A4
                                                                                                                                                                                                                                                                          SHA-256:27C5BC82673CBF72602439E810E5BED93BFBF5042043FB4C3496DC505920B1CF
                                                                                                                                                                                                                                                                          SHA-512:295664C404228E963D739CF2202865F16FD0E571F7AF395B3A459A640AB2787A49A5D9067C38E45158F4EB74568C7DAD140D680CA085554329F74615348E2D0B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 15x53, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1552
                                                                                                                                                                                                                                                                          Entropy (8bit):6.806714152273551
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:/tK1hI+Wwjx82lY2T3BkVFBdyJ3VUxEGsvEqjsCkAuNizyZWbkff:/qWHNn2qKJ36EI6uszwvX
                                                                                                                                                                                                                                                                          MD5:E66DE163B9173ACCA30F4B8993F83CC6
                                                                                                                                                                                                                                                                          SHA1:843D72C1FA6828B85138C37AFD8838267D30C23B
                                                                                                                                                                                                                                                                          SHA-256:262170F2F28304F3AD63E40290D84A70581393337965307569359BBE6E6FF1F7
                                                                                                                                                                                                                                                                          SHA-512:E384B7FF91F43979F956378186BC7B62474CFE43D3D650B7E3F24D0FADE64AF1A1EB5341289927566E231BB6DF82D422B7F5E346A9128EE384F50A35E2F45476
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 15x53, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1617
                                                                                                                                                                                                                                                                          Entropy (8bit):6.787060816969051
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:5K1hI+Wwh82lYSKwSCf1EVANT3J8yJ3V7lGsvEIGZQlNystaLfJbtZ/YGPLHifsW:mWHvnL+EGdvJ3n0ulNRKfRtZ/nOkW
                                                                                                                                                                                                                                                                          MD5:65C1AB35DB520F52DE42031DB06475C3
                                                                                                                                                                                                                                                                          SHA1:D105F4DD16A01FB34226A4FA336A7392B5891CC7
                                                                                                                                                                                                                                                                          SHA-256:534C6C36173235DAC2A1E9E282E16A9CB5C3E917F01671EEE26558B5E417D47F
                                                                                                                                                                                                                                                                          SHA-512:2A4192E27253A204CF039598C3EF6E4DC095AAE0E1F88D1451DD4AE746CB9883688AE3E98249132238FC5DFA052BC9A4CD72C2FB82FB0C2A58A9FC61257F4086
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 20 x 20
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):245
                                                                                                                                                                                                                                                                          Entropy (8bit):6.654352779428392
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:bPDwULLXHiFb44GA3NrRJNyH7BCUM2w35LGN0:r8UL2FfBYHVUX5qN0
                                                                                                                                                                                                                                                                          MD5:BF4F569025DD8BA6F5CF2FFEE6A802A4
                                                                                                                                                                                                                                                                          SHA1:1C38B3244EB04FE1487435876D9589280BF7BF45
                                                                                                                                                                                                                                                                          SHA-256:99E7E6BE63502DBD33F3A647CAAE6A411D0FDDDB09C08454158A7B03B84B1D8D
                                                                                                                                                                                                                                                                          SHA-512:9D651EE119308B25AEAC807B58534734B67DAE91BA9BBABD00C7793BD299B076BC99FED92B181E85FCD3A63D15794E43DE2D404B2DD4C6D8C57968A5463592BC
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 19 x 19
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):5359
                                                                                                                                                                                                                                                                          Entropy (8bit):6.954903601507637
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:h80GbU/kgsWrO5blAu8zx3P0BviGTZVDZ60lhtePyAxlb0wuXeraVWorwL/nxP+v:rygj6P7FT/LhtePyAxlb0wTrroUnQv
                                                                                                                                                                                                                                                                          MD5:A93744DEA3EEBA9C355D0817FFF0A575
                                                                                                                                                                                                                                                                          SHA1:26A9BC595D2373C3B124D836E47A328FEA59486A
                                                                                                                                                                                                                                                                          SHA-256:7FAE0F50E85C766E40D22B8C8A851599D2A41B9E9F4E01A180ADE2850E0F038F
                                                                                                                                                                                                                                                                          SHA-512:B4F56C80F84099349745A9F4AC983EB9F85C4F30435AD20D5C2B919BDBB9B136830B6A66AEAFA9E0638806648ECD72EF605FE0903466C4D338CF9C088698E69D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 79 x 79
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1301
                                                                                                                                                                                                                                                                          Entropy (8bit):7.478124670255349
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TuMHigBVwT/CjfrFZv9qev+zk6917eFsnm8GDyhGQaaBxfi5Swgle:KMnYYDz+zte8VBk8K
                                                                                                                                                                                                                                                                          MD5:918E19B2D624A9D4DB73D86F3B76BC2F
                                                                                                                                                                                                                                                                          SHA1:DE67CE22BBF59BCF606E9081E0159D0288566C3E
                                                                                                                                                                                                                                                                          SHA-256:6C7FFC0EB36282595BCD806064792E4ECE94CFADF7F35863046D517D20B9B519
                                                                                                                                                                                                                                                                          SHA-512:BA4C2F95C7803CA059B7ED4AC2241B266902DC3CC7173A76F4305E629BC449EBB0AC766FC00A84F0CC31F04A580B643ED90A4F2872C6EDA0773CD4D2B5072685
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 7 x 4
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):49
                                                                                                                                                                                                                                                                          Entropy (8bit):3.864678603140797
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:CHzRtwlaJAeBe:Wz/Jy
                                                                                                                                                                                                                                                                          MD5:282D0DA0822446D6A5DC6F6406FFB6C5
                                                                                                                                                                                                                                                                          SHA1:3379AC31B94B1E8E8879C46F0975A416634F0A03
                                                                                                                                                                                                                                                                          SHA-256:46C19A4CC0BB4E20AE0B253C2F8C1B8952A155747DF22EC9291897F3F7484CAF
                                                                                                                                                                                                                                                                          SHA-512:EF76C0CAAFCC198C98C579AB9F1CD2DABDFC0BAE2784E2418ADDB7D58537E00CCDEF3BA4D18E404B6CE435EE43E63420B47E1A34864DD7164CEA3F57DBD7D25D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:GIF89a.............!.......,...............j.Y(.;
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 271 x 164, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):15386
                                                                                                                                                                                                                                                                          Entropy (8bit):7.946668586666005
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:9/T/L4epXA8lEbUXdRTMvDNBdF1aqpk4H1XcFqUKQ70TmEitYLlj:9fK82bUXdRTqDJLt6/imEiKj
                                                                                                                                                                                                                                                                          MD5:5B60CBC29269391EE51A56EA2F908FB8
                                                                                                                                                                                                                                                                          SHA1:7EACC940847C65EBC5B841EB1A595778DDCDCFFF
                                                                                                                                                                                                                                                                          SHA-256:DB78DF1DA49B3B3EED5EDA91EA4970408326E5E418935AA306BBFC4BF93DE8E5
                                                                                                                                                                                                                                                                          SHA-512:6B7435E3950C9586B064C77E3F9941936127EF47E13C85AE874FB448D2F89A511B6B1097A692CBE157071E5417C730B8B334E6575634DA6547B49FE28906F94F
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:.PNG........IHDR..............][.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:0CF4A934A83C11E396F0AB95AABE1D3B" xmpMM:DocumentID="xmp.did:0CF4A935A83C11E396F0AB95AABE1D3B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:0CF4A932A83C11E396F0AB95AABE1D3B" stRef:documentID="xmp.did:0CF4A933A83C11E396F0AB95AABE1D3B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.P......PLTE.M..m...yyy.......................q......................."...L.......e..`....QLJ.......sP.......r
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):194
                                                                                                                                                                                                                                                                          Entropy (8bit):4.740984292214869
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:q43tISl6kXiWHiHuwWSU6XlI5LP47eIpfGu:TPdHiHZVvlI5r4NGu
                                                                                                                                                                                                                                                                          MD5:EC0F2D6D8DA7997A10F72A2537729E59
                                                                                                                                                                                                                                                                          SHA1:D6B8CA36F266D92775F5B757E65B8C10C747C30A
                                                                                                                                                                                                                                                                          SHA-256:95E1144AE5FABA1D6EA1AC58B29B1E8D0399125E4DBC6A17D50D0BF5CF3BDCF8
                                                                                                                                                                                                                                                                          SHA-512:AC07FCC825E53146730E857A4187AE906AD1F9F3B0B149488377218328D1315096E6068181C76BC95219B7D9AE2B7E91BA4923EB502E684371E313BA952EDA8B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body bgcolor="white">..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx/1.14.0 (Ubuntu)</center>..</body>..</html>..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 136 x 135
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):10093
                                                                                                                                                                                                                                                                          Entropy (8bit):7.814952176854079
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:JCLB1d2Idn4VdtygI9AY4+6gTvKuqcpgCImj9ra5YX4Bac:JqBvtdnStyRX4+6q1fImj9rYYoBB
                                                                                                                                                                                                                                                                          MD5:7C53D144D160F40D6A8FAE21D5A73813
                                                                                                                                                                                                                                                                          SHA1:F1E372F624C9E5FF5D97F922767236B9B72888F0
                                                                                                                                                                                                                                                                          SHA-256:716AE891C070263B44D23D7D3D5C8D9341731AEBD5916020660F42E5DA7322D4
                                                                                                                                                                                                                                                                          SHA-512:27C22412EE0F82FECCADEDF9F9DCB4AB6EC0C7409A4C649180CF0497AE8527C8395BB200B3B68361A70536F5AF5BA541C1847A56EDE94525642A16ECA415D6A5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 10x86, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):613
                                                                                                                                                                                                                                                                          Entropy (8bit):6.256426779901082
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:2P+Ec2bF5nYzkBC5COsRfWt8UXp8YojQrexBKRb:WjJdYzkBICOsRfCjXp8YDRb
                                                                                                                                                                                                                                                                          MD5:5A6AA7A26A73E2469F281C364514290A
                                                                                                                                                                                                                                                                          SHA1:7E1C47CC7D14787AB1E869887BC1DB95BCB7A24C
                                                                                                                                                                                                                                                                          SHA-256:3B0F1CB89FEFC708EDF3583DFD8B18C2AE97A837311133A256203C179F888206
                                                                                                                                                                                                                                                                          SHA-512:282274C12EE5F1A296CA308C57FC657465BC4BF98FDF5735AB871B337120478619AD674CDE927A5DACE5B35FCD81DDFF7782208039D102FB1A10F2FD2A550C20
                                                                                                                                                                                                                                                                          Malicious:false
Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 10x86, components 3
Category:dropped
Size (bytes):1463
Entropy (8bit):6.337136390641522
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 225x182, components 3
Category:dropped
Size (bytes):2222
Entropy (8bit):6.70529035336675
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x182, components 3
Category:dropped
Size (bytes):376
Entropy (8bit):4.575143497593088
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 10x182, components 3
Category:dropped
Size (bytes):796
Entropy (8bit):6.704086101587927
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 10x182, components 3
Category:dropped
Size (bytes):1734
Entropy (8bit):6.872391611201755
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x65, components 3
Category:dropped
Size (bytes):388
Entropy (8bit):4.298614456440593
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 10x84, components 3
Category:dropped
Size (bytes):496
Entropy (8bit):5.146764081297685
Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:mjPltla6QzDkmK160kmMoTEtXl+tpflomsazl6QjqKWWiYSAKL/n8+116J8:2P0DkX8kpEaNoGRjqpWWASndn6J8
                                                                                                                                                                                                                                                                          MD5:BF6CC66D5964CA05D55C0102689AAB87
                                                                                                                                                                                                                                                                          SHA1:93D98C4A4FE9973D1C96B7C341A2136340B4D041
                                                                                                                                                                                                                                                                          SHA-256:1D18134AF7EAEED40E7E844CB985D31636FD5C5D48ACBF2E3C20F951509BDAD4
                                                                                                                                                                                                                                                                          SHA-512:C76B6FC5FC01891F3E3C9636612EC1E6E344EAE9075F0E35D4890D0E09E9BC8993E9827ED68697E8F43D9D27B4254EB6DF54B1EE1C4FC51B821FF15492EF89A8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):335
                                                                                                                                                                                                                                                                          Entropy (8bit):4.858580742670127
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:YWyb1BA16cJF8VSnupEaNk39rSWWtqJfW1CzFTHhgWLrEzKTZNOF4aTIm4:YWyb1216cJMSu2aN49rSyfWKFjEzKTZJ
                                                                                                                                                                                                                                                                          MD5:5FFA2337CCD47DDFD802D66BF2A23399
                                                                                                                                                                                                                                                                          SHA1:6D69B4179BEC62477440D400A21C72DE5E80580A
                                                                                                                                                                                                                                                                          SHA-256:2541A9E0BDEE72DD4FCA311625792328A26C8FD7B084CF1C8D80078686AAEDC9
                                                                                                                                                                                                                                                                          SHA-512:C8BC87FE39B7AD71DD1CFA05D9D3358342A5EA65BE7285FBDAACA8D0B74AB67BF5B66FD7523B4A282636FAF198B13DEC70FF7015DFBFA4CBB7F72ADF987B71B7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"status": "success", "city": "Atlanta", "zip": "30301", "countryCode": "US", "country": "United States", "region": "GA", "isp": "Datacamp Limited", "lon": -84.3871, "timezone": "America/New_York", "as": "AS212238 Datacamp Limited", "query": "81.181.57.52", "lat": 33.7485, "org": "Binbox Global Services SRL", "regionName": "Georgia"}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 128 x 128
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):36343
                                                                                                                                                                                                                                                                          Entropy (8bit):7.846062526834323
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:384:LRRNtdqnLVb8OizP71q4FzP7xvzP7UyjvNmLh142bor/Ev/spl/ors0Jkq8GkoXl:LrN++nVnxvnU6NcT3nm0aXQbDwYWEb
                                                                                                                                                                                                                                                                          MD5:9CF72C8884C1AD3AD23C2F667AABBDC0
                                                                                                                                                                                                                                                                          SHA1:57FB928C4C464F0920F4294E5103B2A1599F4DCF
                                                                                                                                                                                                                                                                          SHA-256:2920D679D8D0E9206EB335FA5FA6CDF1ABEB6D4B0766DAC2D28C27E6E7E75490
                                                                                                                                                                                                                                                                          SHA-512:6A7261248E6F946F7E525E0E81DA0945167E2175D14A98F8E647452115B3805F38FD9E8F74F957CA7137290C9539E02640CB46A14B8DFA9003A22B5ECF3B23B5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 184x72, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):4865
                                                                                                                                                                                                                                                                          Entropy (8bit):7.752054515186891
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:bY28lVkpN6uLK8ZLv057FArtL+bwwZCXQVHag1wE:bEHkuo8deB14CAX1wE
                                                                                                                                                                                                                                                                          MD5:A378634EDE5E73E522E242A6928CD385
                                                                                                                                                                                                                                                                          SHA1:153DB3FD78CDC9BA6A545AC1A817AF7CEAE3E4A0
                                                                                                                                                                                                                                                                          SHA-256:EFF90EF0612A01552732DC995E2BC8265328CD03E8AA376B76A30A1EBB8E1E40
                                                                                                                                                                                                                                                                          SHA-512:BFDE15821FFE707A418A4EA41FC9ECD08A705F0B056F5BAB1DBE8B13B4404B6740C6C0AEDECAED766C1639AEE0E3799C7B9D17625409C13FDEB958758A774F8C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 90 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1053
                                                                                                                                                                                                                                                                          Entropy (8bit):7.719384301547552
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:X3RmwxqFiTTm5MTKLWfTc0Hxx494auKId0Ahi:XhmaqQT0MTKiz/494auaAY
                                                                                                                                                                                                                                                                          MD5:0EA2AE979DA4F182E651164FB0EBB1F9
                                                                                                                                                                                                                                                                          SHA1:08A15BE410DA087E97F3ACB8A42B9576A8E99CC5
                                                                                                                                                                                                                                                                          SHA-256:B84C1AA67776B9959C5CBD5914166FFA545971032469671B0D280CF99616F24B
                                                                                                                                                                                                                                                                          SHA-512:381B174DB67827ABBC0C2A30413584EE0FBF3B43D6149A754FFF498D1A94BA18F487081E30732FAC2CFAFA8C7723B05B1EC5470C45CA67E26F211610A74F3756
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 35x35, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2785
                                                                                                                                                                                                                                                                          Entropy (8bit):7.728595648552837
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:Ti1uq/hO8VeDY5BZ2NbVZaQiS+65eTS1QvU4+VrbVhn8jqMSNr:TTq/htVeDY9cnaQD5c9Yp5h8j49
                                                                                                                                                                                                                                                                          MD5:430835A861006AAA25829373DDE4C186
                                                                                                                                                                                                                                                                          SHA1:BB80FB99FC1C94BFEA415CA80E819F339D9BB061
                                                                                                                                                                                                                                                                          SHA-256:DDA5FBCC1AFDB686B58B56CD9E5C578BECC7E1279422F6D919A79F631105B092
                                                                                                                                                                                                                                                                          SHA-512:2A1CDA4405EA1BEEEE0DBD760AC3E06CBAF5831B78212FCF6DD7B2E71969F77131331D9A9F7842B13C099FA19E2B0FADDFE06AE02CBDD2C9E603BBB250520972
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 35x35, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1322
                                                                                                                                                                                                                                                                          Entropy (8bit):7.3415010568616585
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:TivxAzDAhypG5iPSElHAMNrMq/xtOHcoFDOLkndeDi4g84hsuCCG/Qr1m4:TiqHJlSyBN4q/xiLFSLkki4yC/r4
                                                                                                                                                                                                                                                                          MD5:2257E5262EC0096A172E5C895BCE36D0
                                                                                                                                                                                                                                                                          SHA1:31848C90D82D13D711AEDEFFC503942BC3B694AF
                                                                                                                                                                                                                                                                          SHA-256:AA7249002258A66B461506760710BFCCDB976871CF05F08FB00D2E7F9BAAF3B4
                                                                                                                                                                                                                                                                          SHA-512:F213805B0F14E8EE077967149C0817C3E788BEB899B3FB18407F9794A2F050AD2794AE831D2A32A44B2121E6047FD506C97476FFD41FAAB5BBADAE111554A813
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 16x16, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):769
                                                                                                                                                                                                                                                                          Entropy (8bit):6.589013182453534
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:2P0DkTP2kEZO9oqAkA5B7XrQD2tFh1Sa2/mUCzpbYwL6Slhem:TODEZO92Nj+a2xC9bYwLrIm
                                                                                                                                                                                                                                                                          MD5:C19388A21B242738F84E9413B05B4213
                                                                                                                                                                                                                                                                          SHA1:419BA88F1B9715FB5DEBEAB76E551F49140A1562
                                                                                                                                                                                                                                                                          SHA-256:510317021D967E15D123D88C894CF7AA792F2A51033B43B1C8B6A95E192FE217
                                                                                                                                                                                                                                                                          SHA-512:FEFDAD95AFB79C8F20C92D3208CA272C1C8DA3CDA68D10F7994A7ED19198D054D28457230DE18AAC548E748D9F76E82193BFD06744AF538E3F3D2C5FA7C29913
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 49x48, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1601
                                                                                                                                                                                                                                                                          Entropy (8bit):7.5601496645460395
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:WjJdYh/r42e1igrUCqdjhz2vOHe8T/NvL0NeWzO1mwJUlai3XIcIi9r:OJEc2O3cdjhz7He8r98KR6IcIip
                                                                                                                                                                                                                                                                          MD5:6B7C715E62F80247719B5905BBA4D8BA
                                                                                                                                                                                                                                                                          SHA1:6138C56605B69A8F79FC161E408DC49735AFE13F
                                                                                                                                                                                                                                                                          SHA-256:3C2B210B45C79C3D36A6D8DF961296A107EA6B35366761EEB38441B2F32DD15E
                                                                                                                                                                                                                                                                          SHA-512:CD1AEC315652712B5F1921C7EAAB9994993D865CEE77BAD4431073058187308BA8614694E5FEF343E00756786F965872CCFF6B1E6C74BE78CE15A7240A96269C
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=18, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1], baseline, precision 8, 1x18, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):7714
                                                                                                                                                                                                                                                                          Entropy (8bit):5.141118214705623
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:Ajw0jy76r7Uy4lyLJQXPYsPxDTy7roknmWWPhWMHi20CYZ5KSt:AjwElrQy4lH5tgoknYt6KG
                                                                                                                                                                                                                                                                          MD5:FBF6ED41ECD861C84823F1BBBA07744B
                                                                                                                                                                                                                                                                          SHA1:43B63911B2D2A8C213F5BDD790E31493FE8E777D
                                                                                                                                                                                                                                                                          SHA-256:A46661345D614585596BF6F90040E5F23F9F8EC972C68710A7A039E694202804
                                                                                                                                                                                                                                                                          SHA-512:85315348C4DF8CA326D4FB7CB30844943BCA975BF90E885C9154B45FAEB20C9257AFB125E9283F22C90662912B23F8D32F5A99F0B7272A127C74AB6648FAAE18
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=20, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=2], progressive, precision 8, 1x20, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):7578
                                                                                                                                                                                                                                                                          Entropy (8bit):4.941013490633967
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:8j40i87j0s7Uy4lyLJLPGsPvDV87MoknmWjW9Hi2Rg:8j4tg0sQy4lmLphoknSPRg
                                                                                                                                                                                                                                                                          MD5:2F9DD7346D04EAA9CB0F87F67FA04C37
                                                                                                                                                                                                                                                                          SHA1:4EA5BCA6BEF86C1B269D5679A2DA401B691FFE41
                                                                                                                                                                                                                                                                          SHA-256:510E3EF4A6A8AB8F32E7EC966032371A2E518002282A00C42419D0EA6414B90D
                                                                                                                                                                                                                                                                          SHA-512:9F0AFDF2F6463CD44584010208B852B022EBA552D5A067E29BA2B8AEE743846B7A7C01B4B5B6F81FF5B1ABB7BDEFF4DA63626553928EC7D6DA86458452017703
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x7, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):333
                                                                                                                                                                                                                                                                          Entropy (8bit):3.4995756401589917
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:mgslLPltlaB1lQQp/yEDpeknmRmZtndmMpa/ll215zW9pvZbp7Lsn:mjPltla6QzDkmZmMw//i5KRbp7Ls
                                                                                                                                                                                                                                                                          MD5:E8842FEF2067C957DF0C87509C75A25E
                                                                                                                                                                                                                                                                          SHA1:AAF542BBCE731D0E6D57A3C0029C5FD47F7475EE
                                                                                                                                                                                                                                                                          SHA-256:4BA3960DD801C9E19436E4829A93D36324635A79C8D2016454B0BCF3D9D458DB
                                                                                                                                                                                                                                                                          SHA-512:F75556CD5BE13E0381E81DAC332975761EBEEA63C0D46DA2290B5988D0A6B3FF0357F0248BC103367CA1B62D878462C7D009384635112D2AA181E24B0251665B
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 16x16, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1376
                                                                                                                                                                                                                                                                          Entropy (8bit):6.522427684805617
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:tK1he91Wwjx82lY2T3ouVN7rVyJ3VtIrEGXtE1HUZrM84u0GXdGV:qqQNn2xHkJ36EWQ8D0O4
                                                                                                                                                                                                                                                                          MD5:A5034578D33B308F9E0F00B0C80982E8
                                                                                                                                                                                                                                                                          SHA1:9AA6EE6B8F8FE9196BF5E01DF93F019D7C257954
                                                                                                                                                                                                                                                                          SHA-256:7039C3A09D2A32FD048A9C6FB3E572BAB3CEDB184C21FF5D051302BF2786DC0E
                                                                                                                                                                                                                                                                          SHA-512:0736BCF23E0F88D50A264E36798F5C41009EB413AF4640B1C004293500C4DD92BDB881429ECAF886193886A2180899BE87129B8214F7D3097C17254DD1D4FF0A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 20x20, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1257
                                                                                                                                                                                                                                                                          Entropy (8bit):7.261551330886361
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 9 x 9
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):166
                                                                                                                                                                                                                                                                          Entropy (8bit):4.790400224338581
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 9 x 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):51
                                                                                                                                                                                                                                                                          Entropy (8bit):3.7666714321693266
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 9 x 17
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):184
                                                                                                                                                                                                                                                                          Entropy (8bit):5.278086123933448
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 1 x 17
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):51
                                                                                                                                                                                                                                                                          Entropy (8bit):3.7666714321693266
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 12 x 12
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1247
                                                                                                                                                                                                                                                                          Entropy (8bit):6.881418810128332
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 20x20, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1262
                                                                                                                                                                                                                                                                          Entropy (8bit):7.22210095014304
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 35x35, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3466
                                                                                                                                                                                                                                                                          Entropy (8bit):7.640829682387884
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:SqQNn2x2J31Vi7XTEEr3P/B7vDGqJZhzPrBxZNk2GGBTdn9aGm5kxu4cq7NuK:bY2cVUr33BztLrBxZNkVY9ahHmuK
                                                                                                                                                                                                                                                                          MD5:4AA16C1037C44D40DD35E9CEF4584EF5
                                                                                                                                                                                                                                                                          SHA1:729CA7BF931E81A0FBB9A1B0719AAE284F562C3F
                                                                                                                                                                                                                                                                          SHA-256:5F44F76DC101DB113422D4DCC25AB612BB446E7E364D43A6981712638A44B245
                                                                                                                                                                                                                                                                          SHA-512:C2B1229D631925F3B4E6DBDB3DE5A5CCB52627480F7C7329AFA51DA58ADAF0B3415378B915F803BF51299A10260CF1D5229A0E377783F8CC30B0E348FC85546E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:......Exif..II*.................Ducky.......d.....+http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:E40A56FDBE3B11E382E8AD10D940968E" xmpMM:DocumentID="xmp.did:E40A56FEBE3B11E382E8AD10D940968E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E40A56FBBE3B11E382E8AD10D940968E" stRef:documentID="xmp.did:E40A56FCBE3B11E382E8AD10D940968E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 35x35, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2251
                                                                                                                                                                                                                                                                          Entropy (8bit):7.327076582075784
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:SqQNn2xy9J3xViS0JfjFP6wxZMk8nDt5MRRNCDO:bY281V50VLxZMrD4RRNh
                                                                                                                                                                                                                                                                          MD5:749C4BCD2426263208B844BDE835C236
                                                                                                                                                                                                                                                                          SHA1:EDFD96C4548213366E06A0626777B596BC05DAFB
                                                                                                                                                                                                                                                                          SHA-256:1FAC7F2DA510D284BFA1C918482A69BA18E35759DEAA74C9D300EB26297AD321
                                                                                                                                                                                                                                                                          SHA-512:EE2EB8AD6757BDE1281C18B9E53CDAC47EC9F8555B18A6E5431AB3FAB70933F1AC4077AB6E466D84000A47A2271935FAF431C42F8D1923458A141D34AEF7AAB1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:......Exif..II*.................Ducky.......d.....+http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:F4C672FDBE3B11E3A83A86D7E05FD958" xmpMM:DocumentID="xmp.did:F4C672FEBE3B11E3A83A86D7E05FD958"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F4C672FBBE3B11E3A83A86D7E05FD958" stRef:documentID="xmp.did:F4C672FCBE3B11E3A83A86D7E05FD958"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 153x169, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):8577
                                                                                                                                                                                                                                                                          Entropy (8bit):7.8877007973430535
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:hW8gZRIX3xYxEnBY/2gjND25OPxIuc64lv34lLFN+KX:hWtOxY4u/NJv59cAlvX
                                                                                                                                                                                                                                                                          MD5:145E9DD7FCF51646A33B2802D8859BA4
                                                                                                                                                                                                                                                                          SHA1:DCCBEB4679A0110D219BC12A2B566147402FE0E8
                                                                                                                                                                                                                                                                          SHA-256:848DD19CE891A0D1374FE45790507B38F959D198E30889BCDB3521A12C25F044
                                                                                                                                                                                                                                                                          SHA-512:92A32E20D2E7CFCBD2015C2FAD80920B6AF7D87AC60B4CBDFB655F77C435C1168CE3B3CC7AC6C640F7F08D9E10B2E06698876FAA72018AE0A15B3336FF9F4B1E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:......Exif..II*.................Ducky.......F.....ohttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:865E33ED35AC11E08A6BAA7EDB4FF708" xmpMM:DocumentID="xmp.did:9A7E6941F09111E3B242FAB47465BDEE" xmpMM:InstanceID="xmp.iid:9A7E6940F09111E3B242FAB47465BDEE" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2DFC84B49CC0E311B654EFE9B0F2CD68" stRef:documentID="xmp.did:A48C05B15D9B11E3949CFBBFF40DCC80"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................................
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 15 x 15
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):327
                                                                                                                                                                                                                                                                          Entropy (8bit):6.533887865527143
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:PSZO/mRFwH36XdtAa+JKw2YBDkKALXUtLjgu9uVHFF9t7+JrWc:P4kXsl+JKjdKscLB9upF7t7arf
                                                                                                                                                                                                                                                                          MD5:791EC373D30FE6B62647A78CBDE61D71
                                                                                                                                                                                                                                                                          SHA1:1E5831F5DC9DD0B84C17927DB03008B1D6E88BA9
                                                                                                                                                                                                                                                                          SHA-256:171B130E505C5907A6D423B0C3A00E6AD7C0C8982F8002F596BEEE8549C3F765
                                                                                                                                                                                                                                                                          SHA-512:03DEB32A4E24EA91308DFA5779225A654EF021B3ECF6B9CA3862021C15D5BE15FFFF691E40F111992C45729ECC3573E5D2FF3CB3857BC09DA2085AA5E990A227
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 8 x 8, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):209
                                                                                                                                                                                                                                                                          Entropy (8bit):6.134101408215154
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:6v/lhPZ7nDsplA0tA/ktSOCgGWYl3RKLcC9A5p:6v/7RU3A0tAvOJ/KM9G
                                                                                                                                                                                                                                                                          MD5:4AD9C7165D2A328BB85908CD3F16E621
                                                                                                                                                                                                                                                                          SHA1:72A2AF8D722F83DF30BD61F4C3C1EA4F96B701BA
                                                                                                                                                                                                                                                                          SHA-256:38618C5A8CB9D13319F844F88FA8ACBB9E2C258CD67CAE9D45427FA041E975DA
                                                                                                                                                                                                                                                                          SHA-512:11419BC4F06EAABBDC8C798BDD546606592D708C46650648149BD20B819FBB7E128CFE28592EC921648C8A4175023B2B70AE40F90C7C24DA2C439FC5AB0751CA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:PNG image data, 8 x 1, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):111
                                                                                                                                                                                                                                                                          Entropy (8bit):5.214026875336041
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:yionv//thPlvutJHrtRthwkBDsTBZt0A85VlYe0OwtVp:6v/lhPkxnDspLoV0ttVp
                                                                                                                                                                                                                                                                          MD5:C9416D886849400D29CBC3A76676AEDE
                                                                                                                                                                                                                                                                          SHA1:D2CE2E1CCA60BE4B98CF89D4089DB2686B94EA96
                                                                                                                                                                                                                                                                          SHA-256:40F41108B0DB121F2F76B34BAD2C811AE3245E72BA113D0A40D1A1EEE980A8B7
                                                                                                                                                                                                                                                                          SHA-512:E3A81AAA5AC6209739FC56C0A182FFEA4253B5D4D131DFD7E748425BE45CEB4F4536B1A8781BC1D581CB2E838EAA3108B3F84188DB5269D027D94B581AAF24CA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (444)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):5462
                                                                                                                                                                                                                                                                          Entropy (8bit):5.219014948464026
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:lvO0bys+vLlSHCV1DN9l6FwheOMqkRx9UADvjNNOpn8JCNBps9Vyl0lDR:JZCvLoHCV1DTQfZqyx6ADbiWCEyQDR
                                                                                                                                                                                                                                                                          MD5:D221DC3D93D3FDB5C016E8A281ADF010
                                                                                                                                                                                                                                                                          SHA1:D90F151431C10B3BB6FE56C7ECFFFFB52E6420DB
                                                                                                                                                                                                                                                                          SHA-256:B1FDA1C5D8FE8C9BF386B5A3AB5EE887A928276143E442F997A716D6DC740115
                                                                                                                                                                                                                                                                          SHA-512:908F39EF9D54ED227954B9766D6CED474F91D0545C5A6C4CBF6D50F91C9ED7D51E3A6AA40292099937B5D69839F25BBB143E9C0136370CA0FA5DCC631F111EA1
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:/* Global Site Tag (gtag.js) - Google Analytics */. window.dataLayer = window.dataLayer || [];. function gtag() { dataLayer.push(arguments) };. gtag('js', new Date());. gtag('config', 'UA-46722188-1', {. 'linker': {. 'domains': ['store.payproglobal.com','fastspring.com','systweak.onfastspring.com','stripe.com']. }. });..// Global site tag (gtag.js) - Google Ads: 942863319 .window.dataLayer = window.dataLayer || [];.function gtag(){dataLayer.push(arguments);}.gtag('js', new Date());.gtag('config', 'AW-942863319');.....function send_ga_tracking(param1, param2){..gtag('event', 'btnclick', {'event_category': 'rb_web','event_label': param1+'_'+param2});.}.function OpenGooglePartner() {..window.open("https://www.google.com/partners/agency?id=7419470807", "_blank", "toolbar=yes,scrollbars=yes,resizable=yes,top=200,left=500,width=1000,height=600");.}.function openGoogleSafeBrowsing() {..window.open("https://www.google.com/transparencyreport/safebrowsin
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                          Size (bytes):63
                                                                                                                                                                                                                                                                          Entropy (8bit):4.5662663839827555
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:YXiFYccwY1EIHXUGUMGrd1AX6:YyFxcpuGUHJKX6
                                                                                                                                                                                                                                                                          MD5:D3643887A2A2361AB67B9B8961F25075
                                                                                                                                                                                                                                                                          SHA1:8DDE218D0770CA63D29423BA3E78AB8BD0292B1E
                                                                                                                                                                                                                                                                          SHA-256:B10F9F1A561EEBB11DF4B118753D8FC63EB88CCAB5AA79FEDB94942EDC8E865A
                                                                                                                                                                                                                                                                          SHA-512:BAB4C2A28176851CD82DC3A8CBDCC58EBD39EAF273A743F7293D4F710C7F2D408CF277B0964355F94AAB25E87DC8A03343E17582D06E155C0E30036A9718FBE9
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"rid": "0a5f6199-2242-457a-b253-c1cb83becc10.txt", "err": 200}
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2739
                                                                                                                                                                                                                                                                          Entropy (8bit):5.124086232701703
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:MOW9OLrOxTgOCFUXY3QWpY3QLDY3QxTmY3QCfFPBV+35oYmNsLm1kEoy:MOW9OLrOxTgOCFUXYgWpYgLDYgxTmYgq
                                                                                                                                                                                                                                                                          MD5:F9E42ACC6442555B9BAF99FAA2A6FD58
                                                                                                                                                                                                                                                                          SHA1:E7279BB101478AA4336AFE22C2A8390E23BE697E
                                                                                                                                                                                                                                                                          SHA-256:D49490B5AA02D208E2A0C7BD86E8766DCCA8C99569B7643FC4EE3ABE8576A9B2
                                                                                                                                                                                                                                                                          SHA-512:FDD7BAF59D43AF486F5B9F37B937B3E94F49C2FB759B747F898A245404F24F76DD232E418E20F61F6189D046AB2E9D4E2656E904644EA6037A4165942EEB5612
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:@font-face {. font-family: 'Segoe UI';. font-style: normal;. font-weight: 300;. src: local('Segoe UI Light'), local('Segoe-UI-Light'), url("Segoe-UI-Light.woff") format('woff');.}.@font-face {. font-family: 'Segoe UI';. font-style: normal;. font-weight: 400;. src: local('Segoe UI'), local('Segoe-UI'), url("Segoe-UI.woff") format('woff');.}.@font-face {. font-family: 'Segoe UI';. font-style: normal;. font-weight: 600;. src: local('Segoe UI Semibold'), local('Segoe-UI-Semibold'), url("Segoe-UI-Semibold.woff") format('woff');.}.@font-face {. font-family: 'Segoe UI';. font-style: normal;. font-weight: 700;. src: local('Segoe UI Bold'), local('Segoe-UI-Bold'), url("Segoe-UI-Bold.woff") format('woff');.}.@font-face {. font-family: 'Segoe UI';. font-style: italic;. font-weight: 300;. src: local('Segoe UI Light Italic'), local('Segoe-UI-Light-Italic'), url("Segoe-UI-Light-Italic.woff") format('woff');.}.@font-face {. font-family: 'Segoe UI';. font-style: italic;. font-we
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x187, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):376
                                                                                                                                                                                                                                                                          Entropy (8bit):4.531538267872516
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:mjPltlasluqnc2LBO8IW48MW1YlpmM36k6Xtl62/lMmszhYAllS:2P+Ec2bF5nYiyi
                                                                                                                                                                                                                                                                          MD5:8B26BE2ECCC77D6A7CBA39207DF31288
                                                                                                                                                                                                                                                                          SHA1:D9C31DD493FF432879C24DC43C4597F41D8D55C9
                                                                                                                                                                                                                                                                          SHA-256:4E4915A4BA0E73FDAD48AC8D3B72BEC9830BE6F946F1A9DD47962472670E1768
                                                                                                                                                                                                                                                                          SHA-512:A9D7BA341BDC4BB8EEB7D18F3A0FF31F3137C55636571075822C33D813ECD182C6754228FE168870D3B63836F9F221D9C9CE76500333749DA068CE2B0A11CC16
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=56, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=79], baseline, precision 8, 79x56, components 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):10125
                                                                                                                                                                                                                                                                          Entropy (8bit):5.991493293351534
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:OjEAnFwW0sQy4lAlapFwWHRkn2i6iZxwFu4tXK6+bbbbbbyQ:yEWnH7idnHqn2Tbvt66+bbbbbbj
                                                                                                                                                                                                                                                                          MD5:E1CF408DC4D482A32F5E73A3DE246BF6
                                                                                                                                                                                                                                                                          SHA1:3C8C5CD85CD09284A880CD15E34026EAA79E3D67
                                                                                                                                                                                                                                                                          SHA-256:F895FF630D9587DB5DA4B30C687FE764F783E969D18326E72FEE63EA83C58C86
                                                                                                                                                                                                                                                                          SHA-512:7BCBAFA20CDB0139C78C2D4FF3BF6F7228F88F7021161D1350B4FBB15D9E675562CB29D6E5D3671F6DBB381D7363FE9FB87ED6D3E147CBA3BD86F0252BF3E4C5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:GIF image data, version 89a, 132 x 82
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):6801
                                                                                                                                                                                                                                                                          Entropy (8bit):7.692582489575515
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:g8KwRmvNlqj/fY2Af6cFbFg77cu/J3Bc2V3EUcydWEMP26F4Y4Sj+8HZ7Qtuy34o:d6SjX+RFJu/9y2V0n4Yrq8HZk4YhWK
                                                                                                                                                                                                                                                                          MD5:06075FA4C1CB9A9A5E34AD6221DBF767
                                                                                                                                                                                                                                                                          SHA1:0E899EED25817602D756BF8ECF114262196CCC43
                                                                                                                                                                                                                                                                          SHA-256:4B494CB8AD2F8EE2C75F3AB06DFC235AEBCC551CC6B0D17B86CA3851356B604A
                                                                                                                                                                                                                                                                          SHA-512:6E93FD1D4255B8B596CCB73DF02F2E02A2186219A3A7A76AEC1C5DF07C8539E726D36225219F3EF55816D3EB2D185A95E7BF44E256ABBC42EDFCFCE1EE2B5949
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):6144
                                                                                                                                                                                                                                                                          Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                                                                          MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                                                                          SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                                                                          SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                                                                          SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):155712
                                                                                                                                                                                                                                                                          Entropy (8bit):6.337892449215865
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:LLHq/Hs2518t3JAryzGYihGQ3mI++mh6iysXqa:3Hq/HvAtTMhGRorpsXL
                                                                                                                                                                                                                                                                          MD5:1E95C2A4D1C4F57B67CCA6AB4C2C8B91
                                                                                                                                                                                                                                                                          SHA1:9C9501210B5469C1A390F5F44674DDE5ECE10B09
                                                                                                                                                                                                                                                                          SHA-256:31163BD401DD84733CB21FD84A25E883082C70640FCC255883B637788A7BED4C
                                                                                                                                                                                                                                                                          SHA-512:9D6CF00FD1A66D044F3E100A29E5154EB68E785BE97033D277A6255C69E6FB0340C117299E7C4273053205D44F9FDE1353E2AA0F19B3589413FE8C90CCACC8C8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):3238784
                                                                                                                                                                                                                                                                          Entropy (8bit):6.352870375224507
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:uWGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTb/3334c:itLutqgwh4NYxtJpkxhGM333v
                                                                                                                                                                                                                                                                          MD5:C587F58BA1C48D1EF273A4B9F9E1CEAC
                                                                                                                                                                                                                                                                          SHA1:CE24A024B22FDF294ED2192EF99EFBF44B151149
                                                                                                                                                                                                                                                                          SHA-256:2AD05D46E948F8614D07E02920C0CA97C08162DA50F1DF75DC429CA13FF91001
                                                                                                                                                                                                                                                                          SHA-512:78681D1F030A7985A23CCD3BE9FD49644C5F2D38E9DEB70E208593471537A16229E06341BA8BD65F2F7616505B1BC4F3ACFFFD2D5153C832949BA61847667773
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Apr 18 22:33:17 2024, mtime=Thu Apr 18 22:33:40 2024, atime=Wed Jul 12 16:39:26 2023, length=6809984, window=hide
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1159
                                                                                                                                                                                                                                                                          Entropy (8bit):4.648290189771598
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:8m/lk2/18IEi2dOE+Ojr31LAMYid3VZd3PUU1lpHqygm:8mT18bDdO6r318M1d3VZd38Olsyg
                                                                                                                                                                                                                                                                          MD5:F12E27DD2B630A9EB835479FE36CC7AA
                                                                                                                                                                                                                                                                          SHA1:70C9FF03660ECDA51F18B6973F3D06532E45C366
                                                                                                                                                                                                                                                                          SHA-256:F97704D43AAA82B3C679D95DE57C219D45278EE08B2466C04BB9AF18F6E8CBAC
                                                                                                                                                                                                                                                                          SHA-512:56DC2D9F777D3A804B5FEED023DD5049F4296D4C35D0AB7FBC0568C7F3DECF4A0C8644C927526A7F674EED2A07DF739BB26DABC267C7CB807D61BB0AC313CF2D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:L..................F.... .....-....|.I......\......g..........................P.O. .:i.....+00.../C:\.....................1......X)...PROGRA~2.........O.I.X*.....................V.....V...P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....b.1......X+...RIGHTB~1..J......X)..X+.....*.......................0.R.i.g.h.t. .B.a.c.k.u.p.....l.2...g..V. .RIGHTB~1.EXE..P......X)..X)...............................R.i.g.h.t.B.a.c.k.u.p...e.x.e.......b...............-.......a...........9..p.....C:\Program Files (x86)\Right Backup\RightBackup.exe..K.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.R.i.g.h.t. .B.a.c.k.u.p.\.R.i.g.h.t.B.a.c.k.u.p...e.x.e.#.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.R.i.g.h.t. .B.a.c.k.u.p.........*................@Z|...K.J.........`.......X.......701188...........hT..CrF.f4... .b.2=.b...,...W..hT..CrF.f4... .b.2=.b...,...W..............1SPS.XF.L8C....&.m.q............/...S.-.1.
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):225
                                                                                                                                                                                                                                                                          Entropy (8bit):5.134379797613838
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:Bzg4yBLUNfvCRiNOED/PTiwEp4Ago2O7vXj51VXKUIdbwv:Bze2xaQjD/biwEzlb7LE3e
                                                                                                                                                                                                                                                                          MD5:A9DEC6A4FB1B7E40D3D8665E62B89590
                                                                                                                                                                                                                                                                          SHA1:E213BB4A323417CE5BB191A1C295CC23AB3C4809
                                                                                                                                                                                                                                                                          SHA-256:4436CC7E8E7FA4865B03688615F413CC344CFA3FB2692E9D4F7A6A121DAAF34E
                                                                                                                                                                                                                                                                          SHA-512:8515EFD201F8285735304E4D80FF8E491087F185431CA07C8DCF952FB9D32441584F39F576529F87A85155400FFC82A3B6F3BDEF83378F3D4F5512471C9E5288
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[application] ..program_version=2.1.1001.154..program_url=https://cdn.systweak.com/setups/baps/rbsetup_.exe ..program_size=14973712 ..open_browser=0 ..is_mandatory=1..key= ..hash=deecbf311666f0234c0b8bd8142b698c931ae822......
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):335
                                                                                                                                                                                                                                                                          Entropy (8bit):4.858580742670127
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6:YWyb1BA16cJF8VSnupEaNk39rSWWtqJfW1CzFTHhgWLrEzKTZNOF4aTIm4:YWyb1216cJMSu2aN49rSyfWKFjEzKTZJ
                                                                                                                                                                                                                                                                          MD5:5FFA2337CCD47DDFD802D66BF2A23399
                                                                                                                                                                                                                                                                          SHA1:6D69B4179BEC62477440D400A21C72DE5E80580A
                                                                                                                                                                                                                                                                          SHA-256:2541A9E0BDEE72DD4FCA311625792328A26C8FD7B084CF1C8D80078686AAEDC9
                                                                                                                                                                                                                                                                          SHA-512:C8BC87FE39B7AD71DD1CFA05D9D3358342A5EA65BE7285FBDAACA8D0B74AB67BF5B66FD7523B4A282636FAF198B13DEC70FF7015DFBFA4CBB7F72ADF987B71B7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"status": "success", "city": "Atlanta", "zip": "30301", "countryCode": "US", "country": "United States", "region": "GA", "isp": "Datacamp Limited", "lon": -84.3871, "timezone": "America/New_York", "as": "AS212238 Datacamp Limited", "query": "81.181.57.52", "lat": 33.7485, "org": "Binbox Global Services SRL", "regionName": "Georgia"}
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):12
                                                                                                                                                                                                                                                                          Entropy (8bit):2.4591479170272446
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:CrCn:CrC
                                                                                                                                                                                                                                                                          MD5:41C339CE61C14523871A3FC6B571A8DC
                                                                                                                                                                                                                                                                          SHA1:26A624BE09DB3B0690B2DC7F391D67B6DEAE0782
                                                                                                                                                                                                                                                                          SHA-256:0668B98A79A4FC7016B56130C0880C25380B96F2E678A6CADF4EDBABC80EC172
                                                                                                                                                                                                                                                                          SHA-512:C4D27CB80213C9EC4276F8B1787625A77B75D96281A5F97B38369853A266AA4F0D0B82F2ED6DF09716B2FD891C510182712A1CC3457E6CFC239F6A56F64BB17D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:81.181.57.52
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RightBackup.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):80
                                                                                                                                                                                                                                                                          Entropy (8bit):5.018942707918266
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:zRMQlxKSyM26gKMbkd2+7mHoSJxyn:zqQlxK21MKlExyn
                                                                                                                                                                                                                                                                          MD5:B2A7A25C5D2E6E11ED495C71CFDFABDC
                                                                                                                                                                                                                                                                          SHA1:3136B62E22CAA4739D665EE53390F0EB418055E5
                                                                                                                                                                                                                                                                          SHA-256:B6CED7789D182AB630F998613AFDA606B7A3C3D13E3448C365DC429CA8F29363
                                                                                                                                                                                                                                                                          SHA-512:C24A09F18C3620D14C403B49DC9D0F714F06C95FE0CF154F880665CE03EE60F265B911B4417B3EEF8FBC806573E5578757649D2D6E4BE2D03CADA72781099CDB
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[notifierStrings]..UTM_SOURCE=SecuriteInfo.com.Program.Unwanted.5412.9308.3353..
                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Right Backup\RBNotifier.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):11
                                                                                                                                                                                                                                                                          Entropy (8bit):3.277613436819116
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:tWXZW4n:tW44
                                                                                                                                                                                                                                                                          MD5:3A2678CD1C80D3BE6EAFD1DA756E9D40
                                                                                                                                                                                                                                                                          SHA1:A8F9B88BEB7DABB29DFA4C8F6C6197435B118F46
                                                                                                                                                                                                                                                                          SHA-256:E1CAF1C096854D2E7BD3C2F70E36B307185AB7E669AD619C7C4D6917D636BA91
                                                                                                                                                                                                                                                                          SHA-512:7007D65360AF8368112FE783839A8B141B810854CAE81CCDB2A30E44FAE8F2CF73D24D8F4A71FC48B41C6A4D2235F3FE397F49F74B86E8C6AECAB00225A99CD0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:..[strings]
                                                                                                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):55
                                                                                                                                                                                                                                                                          Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                                                                                          MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                                                                                          SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                                                                                          SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                                                                                          SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Entropy (8bit):7.978874235995717
                                                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 98.45%
                                                                                                                                                                                                                                                                          • Inno Setup installer (109748/4) 1.08%
                                                                                                                                                                                                                                                                          • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                                                                                                                                                          • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                          File name:SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          File size:14'973'712 bytes
                                                                                                                                                                                                                                                                          MD5:630eaf6b2cd6a3d86a3575f746a660ea
                                                                                                                                                                                                                                                                          SHA1:deecbf311666f0234c0b8bd8142b698c931ae822
                                                                                                                                                                                                                                                                          SHA256:be306e6861976343a15defb58fb07f500f5376eff3a54deb320ae64dd0a15431
                                                                                                                                                                                                                                                                          SHA512:fe46c7f8dce249090daba50dfbef4b22439b7abfde3f03c262e024c9ae81982d9077afeffc749100c673841c6a9d1365cd51b76b27fa2968ab03fe31bfa560f8
                                                                                                                                                                                                                                                                          SSDEEP:393216:IsvTmt3TP95cxsgsNUAgX6oXrPUZx7RV6Zc:IsbM3zTcagsiv6xx7RV6G
                                                                                                                                                                                                                                                                          TLSH:6BE6233BB2A8753EC86E1B7259739210A97BBF61A4168C1E07F4351CCF725702E3B616
                                                                                                                                                                                                                                                                          File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                                                                                                                                                                          Icon Hash:1c6761988ea6d261
                                                                                                                                                                                                                                                                          Entrypoint:0x4b5eec
                                                                                                                                                                                                                                                                          Entrypoint Section:.itext
                                                                                                                                                                                                                                                                          Digitally signed:true
                                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                          Time Stamp:0x63ECF218 [Wed Feb 15 14:54:16 2023 UTC]
                                                                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                                                                          OS Version Major:6
                                                                                                                                                                                                                                                                          OS Version Minor:1
                                                                                                                                                                                                                                                                          File Version Major:6
                                                                                                                                                                                                                                                                          File Version Minor:1
                                                                                                                                                                                                                                                                          Subsystem Version Major:6
                                                                                                                                                                                                                                                                          Subsystem Version Minor:1
                                                                                                                                                                                                                                                                          Import Hash:e569e6f445d32ba23766ad67d1e3787f
                                                                                                                                                                                                                                                                          Signature Valid:true
                                                                                                                                                                                                                                                                          Signature Issuer:CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                                                                                                                                                                                                                          Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                                                          Error Number:0
Not Before:02/01/2023 09:18:25
Not After:03/01/2024 09:18:25
                                                                                                                                                                                                                                                                          Subject Chain
                                                                                                                                                                                                                                                                          • CN=Systweak Software, O=Systweak Software, L=Jaipur, S=Rajasthan, C=IN
                                                                                                                                                                                                                                                                          Version:3
                                                                                                                                                                                                                                                                          Thumbprint MD5:145AF6CF9CC6253F9256814D5FB65377
                                                                                                                                                                                                                                                                          Thumbprint SHA-1:CA72D74C8AF9C85FC52CAA27BB57B47E17A2DC8C
                                                                                                                                                                                                                                                                          Thumbprint SHA-256:74FA0622ACEE584F64DDD48E6DE861E0AEDCC02AEE08E516ECE0022AEAB3366C
                                                                                                                                                                                                                                                                          Serial:4D8352B3B0FD57E4B9AB6DAC
                                                                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                                                                                                          add esp, FFFFFFA4h
                                                                                                                                                                                                                                                                          push ebx
                                                                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                                                                          push edi
                                                                                                                                                                                                                                                                          xor eax, eax
                                                                                                                                                                                                                                                                          mov dword ptr [ebp-3Ch], eax
                                                                                                                                                                                                                                                                          mov dword ptr [ebp-40h], eax
                                                                                                                                                                                                                                                                          mov dword ptr [ebp-5Ch], eax
                                                                                                                                                                                                                                                                          mov dword ptr [ebp-30h], eax
                                                                                                                                                                                                                                                                          mov dword ptr [ebp-38h], eax
                                                                                                                                                                                                                                                                          mov dword ptr [ebp-34h], eax
                                                                                                                                                                                                                                                                          mov dword ptr [ebp-2Ch], eax
                                                                                                                                                                                                                                                                          mov dword ptr [ebp-28h], eax
                                                                                                                                                                                                                                                                          mov dword ptr [ebp-14h], eax
                                                                                                                                                                                                                                                                          mov eax, 004B14B8h
                                                                                                                                                                                                                                                                          call 00007F5088AB2C65h
                                                                                                                                                                                                                                                                          xor eax, eax
                                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                                          push 004B65E2h
                                                                                                                                                                                                                                                                          push dword ptr fs:[eax]
                                                                                                                                                                                                                                                                          mov dword ptr fs:[eax], esp
                                                                                                                                                                                                                                                                          xor edx, edx
                                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                                          push 004B659Eh
                                                                                                                                                                                                                                                                          push dword ptr fs:[edx]
                                                                                                                                                                                                                                                                          mov dword ptr fs:[edx], esp
                                                                                                                                                                                                                                                                          mov eax, dword ptr [004BE634h]
                                                                                                                                                                                                                                                                          call 00007F5088B55757h
                                                                                                                                                                                                                                                                          call 00007F5088B552AAh
                                                                                                                                                                                                                                                                          lea edx, dword ptr [ebp-14h]
                                                                                                                                                                                                                                                                          xor eax, eax
                                                                                                                                                                                                                                                                          call 00007F5088AC8704h
                                                                                                                                                                                                                                                                          mov edx, dword ptr [ebp-14h]
                                                                                                                                                                                                                                                                          mov eax, 004C1D84h
                                                                                                                                                                                                                                                                          call 00007F5088AAD857h
                                                                                                                                                                                                                                                                          push 00000002h
                                                                                                                                                                                                                                                                          push 00000000h
                                                                                                                                                                                                                                                                          push 00000001h
                                                                                                                                                                                                                                                                          mov ecx, dword ptr [004C1D84h]
                                                                                                                                                                                                                                                                          mov dl, 01h
                                                                                                                                                                                                                                                                          mov eax, dword ptr [004238ECh]
                                                                                                                                                                                                                                                                          call 00007F5088AC9887h
                                                                                                                                                                                                                                                                          mov dword ptr [004C1D88h], eax
                                                                                                                                                                                                                                                                          xor edx, edx
                                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                                          push 004B654Ah
                                                                                                                                                                                                                                                                          push dword ptr fs:[edx]
                                                                                                                                                                                                                                                                          mov dword ptr fs:[edx], esp
                                                                                                                                                                                                                                                                          call 00007F5088B557DFh
                                                                                                                                                                                                                                                                          mov dword ptr [004C1D90h], eax
                                                                                                                                                                                                                                                                          mov eax, dword ptr [004C1D90h]
                                                                                                                                                                                                                                                                          cmp dword ptr [eax+0Ch], 01h
                                                                                                                                                                                                                                                                          jne 00007F5088B5B9FAh
                                                                                                                                                                                                                                                                          mov eax, dword ptr [004C1D90h]
                                                                                                                                                                                                                                                                          mov edx, 00000028h
                                                                                                                                                                                                                                                                          call 00007F5088ACA17Ch
                                                                                                                                                                                                                                                                          mov edx, dword ptr [004C1D90h]

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xc4000 | 0x9a | .edata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc2000 | 0xfdc | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc7000 | 0x1c3a8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xe41d90 | 0x5d80 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc6000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xc22f4 | 0x254 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xc3000 | 0x1a4 | .didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xb39e4 | 0xb3a00 | 43af0a9476ca224d8e8461f1e22c94da | False | 0.34525867693110646 | data | 6.357635049994181 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext | 0xb5000 | 0x1688 | 0x1800 | 185e04b9a1f554e31f7f848515dc890c | False | 0.54443359375 | data | 5.971425428435973 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0xb7000 | 0x37a4 | 0x3800 | cab2107c933b696aa5cf0cc6c3fd3980 | False | 0.36097935267857145 | data | 5.048648594372454 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss | 0xbb000 | 0x6de8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xc2000 | 0xfdc | 0x1000 | e7d1635e2624b124cfdce6c360ac21cd | False | 0.3798828125 | data | 5.029087481102678 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata | 0xc3000 | 0x1a4 | 0x200 | 8ced971d8a7705c98b173e255d8c9aa7 | False | 0.345703125 | data | 2.7509822285969876 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata | 0xc4000 | 0x9a | 0x200 | 8d4e1e508031afe235bf121c80fd7d5f | False | 0.2578125 | data | 1.877162954504408 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls | 0xc5000 | 0x18 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0xc6000 | 0x5d | 0x200 | 8f2f090acd9622c88a6a852e72f94e96 | False | 0.189453125 | data | 1.3838943752217987 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xc7000 | 0x1c3a8 | 0x1c400 | cb18ca1c686bea17d3566ad0eb23e8b3 | False | 0.18041344026548672 | data | 4.346898958817336 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xc7528 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.10411983911037502
RT_ICON | 0xd7d50 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.20973075106282474
RT_ICON | 0xdbf78 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.30715767634854774
RT_ICON | 0xde520 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.3482645403377111
RT_ICON | 0xdf5c8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.3901639344262295
RT_ICON | 0xdff50 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.5390070921985816
RT_STRING | 0xe03b8 | 0x360 | data | | | 0.34375
RT_STRING | 0xe0718 | 0x260 | data | | | 0.3256578947368421
RT_STRING | 0xe0978 | 0x45c | data | | | 0.4068100358422939
RT_STRING | 0xe0dd4 | 0x40c | data | | | 0.3754826254826255
RT_STRING | 0xe11e0 | 0x2d4 | data | | | 0.39226519337016574
RT_STRING | 0xe14b4 | 0xb8 | data | | | 0.6467391304347826
RT_STRING | 0xe156c | 0x9c | data | | | 0.6410256410256411
RT_STRING | 0xe1608 | 0x374 | data | | | 0.4230769230769231
RT_STRING | 0xe197c | 0x398 | data | | | 0.3358695652173913
RT_STRING | 0xe1d14 | 0x368 | data | | | 0.3795871559633027
RT_STRING | 0xe207c | 0x2a4 | data | | | 0.4275147928994083
RT_RCDATA | 0xe2320 | 0x10 | data | | | 1.5
RT_RCDATA | 0xe2330 | 0x2c4 | data | | | 0.6384180790960452
RT_RCDATA | 0xe25f4 | 0x2c | data | | | 1.2045454545454546
RT_GROUP_ICON | 0xe2620 | 0x5a | data | English | United States | 0.8
RT_VERSION | 0xe267c | 0x584 | data | English | United States | 0.29249291784702547
RT_MANIFEST | 0xe2c00 | 0x7a8 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3377551020408163

DLL | Import
kernel32.dll | GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetSystemWindowsDirectoryW, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
comctl32.dll | InitCommonControls
version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
user32.dll | CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
netapi32.dll | NetWkstaGetInfo, NetApiBufferFree
advapi32.dll | ConvertStringSecurityDescriptorToSecurityDescriptorW, RegQueryValueExW, AdjustTokenPrivileges, GetTokenInformation, ConvertSidToStringSidW, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW

Name | Ordinal | Address
TMethodImplementationIntercept | 3 | 0x4541a8
__dbk_fcall_wrapper | 2 | 0x40d0a0
dbkFCallWrapperAddr | 1 | 0x4be63c

                                                                                                                                                                                                                                                                          Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                                                                          EnglishUnited States
                                                                                                                                                                                                                                                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                          04/19/24-01:33:00.171014TCP2809549ETPRO MALWARE PUP Win32.Systweak.K Retrieving External IP4970680192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.187195063 CEST8049725157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.187254906 CEST4972580192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.191436052 CEST8049726165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.191521883 CEST4972680192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.191878080 CEST4972680192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.195362091 CEST49727443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.195413113 CEST44349727157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.195739985 CEST49727443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.199424028 CEST49727443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.199439049 CEST44349727157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.312767982 CEST8049726165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.315224886 CEST8049726165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.431988955 CEST4972680192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.450920105 CEST44349727157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.451014042 CEST49727443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.511282921 CEST49727443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.511312962 CEST44349727157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.512168884 CEST44349727157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.512305021 CEST49727443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.514636040 CEST49727443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.560120106 CEST44349727157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.754589081 CEST44349727157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.754658937 CEST49727443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.754679918 CEST44349727157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.754728079 CEST49727443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.754739046 CEST44349727157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.754816055 CEST49727443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.780126095 CEST49727443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.780155897 CEST44349727157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.804836988 CEST4972580192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.805321932 CEST4972880192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.925374985 CEST8049725157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.925431967 CEST4972580192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.925929070 CEST8049728157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.926000118 CEST4972880192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:55.926309109 CEST4972880192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.047097921 CEST8049728157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.047163963 CEST8049728157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.047225952 CEST4972880192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.083293915 CEST49729443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.083332062 CEST44349729157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.083386898 CEST49729443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.083625078 CEST49729443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.083645105 CEST44349729157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.333246946 CEST44349729157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.333323002 CEST49729443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.333821058 CEST49729443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.333827019 CEST44349729157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.335438967 CEST49729443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.335453033 CEST44349729157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.629098892 CEST44349729157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.629247904 CEST44349729157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.629523993 CEST49729443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.629602909 CEST49729443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.629622936 CEST44349729157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.632766962 CEST49730443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.632814884 CEST44349730157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.632910967 CEST49730443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.633208990 CEST49730443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.633228064 CEST44349730157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.877449989 CEST44349730157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.877525091 CEST49730443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.877983093 CEST49730443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.877991915 CEST44349730157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.879642010 CEST49730443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:56.879647970 CEST44349730157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:57.695260048 CEST44349730157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:57.695312023 CEST44349730157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:57.695353031 CEST44349730157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:57.695355892 CEST49730443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:57.695386887 CEST49730443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:57.695398092 CEST44349730157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:57.695425987 CEST49730443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:57.695446968 CEST49730443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:57.695451975 CEST44349730157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:57.695539951 CEST49730443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:57.695544958 CEST44349730157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:57.695579052 CEST44349730157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:57.695622921 CEST49730443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:57.717746973 CEST49730443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:57.717768908 CEST44349730157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:57.729347944 CEST49731443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:57.729387999 CEST44349731157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:57.729458094 CEST4972880192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.340117931 CEST4434973623.108.29.119192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.340492010 CEST4434973769.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.340544939 CEST4434973769.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.340600014 CEST49737443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.340610981 CEST4434973769.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.340651035 CEST49737443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.340688944 CEST4434973769.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.340789080 CEST49737443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.340809107 CEST49737443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.340814114 CEST4434973769.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.340866089 CEST49737443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.341397047 CEST49737443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.341413021 CEST4434973769.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.341824055 CEST49742443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.341850042 CEST4434974269.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.342305899 CEST49742443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.342490911 CEST49742443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.342506886 CEST4434974269.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.398601055 CEST44349739104.17.24.14192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.398787975 CEST44349739104.17.24.14192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.398794889 CEST49739443192.168.2.5104.17.24.14
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.398813963 CEST44349739104.17.24.14192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.398830891 CEST49739443192.168.2.5104.17.24.14
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.398861885 CEST49739443192.168.2.5104.17.24.14
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.398907900 CEST44349739104.17.24.14192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.398948908 CEST49739443192.168.2.5104.17.24.14
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.399017096 CEST44349739104.17.24.14192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.399070978 CEST49739443192.168.2.5104.17.24.14
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.399117947 CEST44349739104.17.24.14192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.399293900 CEST49739443192.168.2.5104.17.24.14
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.399303913 CEST44349739104.17.24.14192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.399395943 CEST44349739104.17.24.14192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.399445057 CEST49739443192.168.2.5104.17.24.14
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.399451971 CEST44349739104.17.24.14192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.399584055 CEST44349739104.17.24.14192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.399631023 CEST49739443192.168.2.5104.17.24.14
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.399636984 CEST44349739104.17.24.14192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.399676085 CEST49739443192.168.2.5104.17.24.14
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.399709940 CEST44349739104.17.24.14192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.399766922 CEST49739443192.168.2.5104.17.24.14
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.399811029 CEST44349739104.17.24.14192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.399910927 CEST49739443192.168.2.5104.17.24.14
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.399924994 CEST44349739104.17.24.14192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.400038004 CEST49739443192.168.2.5104.17.24.14
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.400043011 CEST44349739104.17.24.14192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.400119066 CEST49739443192.168.2.5104.17.24.14
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.400124073 CEST44349739104.17.24.14192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.400223970 CEST49739443192.168.2.5104.17.24.14
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.400229931 CEST44349739104.17.24.14192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.400270939 CEST49739443192.168.2.5104.17.24.14
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.400294065 CEST44349739104.17.24.14192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.400341034 CEST49739443192.168.2.5104.17.24.14
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.400584936 CEST49739443192.168.2.5104.17.24.14
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.400594950 CEST44349739104.17.24.14192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.443170071 CEST4434973869.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.443207026 CEST4434973869.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.443288088 CEST49738443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.443288088 CEST49738443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.443296909 CEST4434973869.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.443361044 CEST4434973869.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.443399906 CEST4434973869.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.443404913 CEST49738443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.443411112 CEST4434973869.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.443427086 CEST4434973869.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.443451881 CEST49738443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.443465948 CEST49738443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.443475008 CEST4434973869.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.443543911 CEST4434973869.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.443546057 CEST49738443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.443623066 CEST49738443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.443630934 CEST4434973869.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.443638086 CEST49738443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.443658113 CEST49738443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.443705082 CEST49738443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.444257021 CEST49743443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.444293022 CEST4434974369.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.444392920 CEST49743443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.444819927 CEST49743443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.444835901 CEST4434974369.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.520415068 CEST44349740157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.520483971 CEST49740443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.520881891 CEST49740443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:58.520891905 CEST44349740157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.197251081 CEST4434974469.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.198250055 CEST49751443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.198296070 CEST4434975169.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.198590994 CEST49751443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.198824883 CEST49751443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.198836088 CEST4434975169.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.294545889 CEST4434974669.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.294600964 CEST4434974669.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.294652939 CEST4434974669.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.294682980 CEST49746443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.294713020 CEST4434974669.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.294730902 CEST49746443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.294737101 CEST4434974669.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.294775963 CEST49746443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.294783115 CEST4434974669.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.294795036 CEST49746443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.294821978 CEST49746443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.294827938 CEST4434974669.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.294879913 CEST4434974669.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.294928074 CEST49746443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.295752048 CEST49746443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.295763016 CEST4434974669.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.296397924 CEST49752443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.296415091 CEST4434975269.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.296717882 CEST49752443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.296914101 CEST49752443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.296926975 CEST4434975269.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.356362104 CEST44349745157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.356395960 CEST44349745157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.356471062 CEST44349745157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.356476068 CEST49745443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.356703997 CEST49745443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.357132912 CEST49745443192.168.2.5157.245.131.96
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.357158899 CEST44349745157.245.131.96192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.416409969 CEST4434975169.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.416713953 CEST49751443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.420808077 CEST49751443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.420818090 CEST4434975169.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.422317028 CEST49751443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.422323942 CEST4434975169.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.508268118 CEST49753443192.168.2.599.84.208.33
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.508322001 CEST4434975399.84.208.33192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.508712053 CEST49753443192.168.2.599.84.208.33
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.509044886 CEST49753443192.168.2.599.84.208.33
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.509067059 CEST4434975399.84.208.33192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.514029026 CEST4434975269.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.514198065 CEST49752443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.514597893 CEST49752443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.514625072 CEST4434975269.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.516015053 CEST49752443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.516024113 CEST4434975269.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.625468016 CEST4434975169.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.625663042 CEST4434975169.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.625698090 CEST49751443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.628321886 CEST49751443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.628417015 CEST49751443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.628437996 CEST4434975169.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.629152060 CEST49754443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.629205942 CEST4434975469.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.629282951 CEST49754443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.629508972 CEST49754443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.629520893 CEST4434975469.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.722242117 CEST4434975269.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.722392082 CEST4434975269.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.722466946 CEST49752443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.723210096 CEST49752443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.723223925 CEST4434975269.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.760138988 CEST4434975399.84.208.33192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.760205984 CEST49753443192.168.2.599.84.208.33
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.764833927 CEST49753443192.168.2.599.84.208.33
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.764854908 CEST4434975399.84.208.33192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.765192986 CEST4434975399.84.208.33192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.765508890 CEST49753443192.168.2.599.84.208.33
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.765899897 CEST49753443192.168.2.599.84.208.33
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.765930891 CEST4434975399.84.208.33192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.847311974 CEST4434975469.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.847822905 CEST49754443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.848202944 CEST49754443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.848211050 CEST4434975469.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.850054026 CEST49754443192.168.2.569.164.42.2
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.850061893 CEST4434975469.164.42.2192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.993249893 CEST4434975399.84.208.33192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:33:59.993510008 CEST4434975399.84.208.33192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:01.453898907 CEST49762443192.168.2.564.233.177.99
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:01.454233885 CEST49762443192.168.2.564.233.177.99
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:01.454273939 CEST4434976264.233.177.99192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:01.456862926 CEST49764443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:01.456902027 CEST44349764165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:01.457282066 CEST49764443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:01.459707022 CEST49764443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:01.459743023 CEST44349764165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:01.465807915 CEST4434976364.233.177.99192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:01.465867996 CEST49763443192.168.2.564.233.177.99
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:01.465879917 CEST4434976364.233.177.99192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:01.466043949 CEST49763443192.168.2.564.233.177.99
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:01.466109991 CEST49763443192.168.2.564.233.177.99
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:01.466125965 CEST4434976364.233.177.99192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:01.847733974 CEST44349764165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:01.847827911 CEST49764443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:01.881222963 CEST49764443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:01.881261110 CEST44349764165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:01.881674051 CEST44349764165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:01.907969952 CEST49764443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:01.948112011 CEST44349764165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:02.102020979 CEST44349764165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:02.102174044 CEST44349764165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:02.102427959 CEST49764443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:02.113660097 CEST49764443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:06.280415058 CEST4976580192.168.2.564.233.177.99
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:06.385042906 CEST804976564.233.177.99192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:06.385196924 CEST4976580192.168.2.564.233.177.99
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:06.388938904 CEST4976580192.168.2.564.233.177.99
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:06.493350029 CEST804976564.233.177.99192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:06.990236044 CEST804976564.233.177.99192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:06.990279913 CEST804976564.233.177.99192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:06.990341902 CEST4976580192.168.2.564.233.177.99
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:06.992244005 CEST4976580192.168.2.564.233.177.99
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:07.096523046 CEST804976564.233.177.99192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:07.098104000 CEST804976564.233.177.99192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:07.098164082 CEST804976564.233.177.99192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:07.098201990 CEST804976564.233.177.99192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:07.098258018 CEST4976580192.168.2.564.233.177.99
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:07.880129099 CEST4976580192.168.2.564.233.177.99
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:07.988842010 CEST804976564.233.177.99192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:08.440634012 CEST804976564.233.177.99192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:08.440720081 CEST804976564.233.177.99192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:08.440795898 CEST4976580192.168.2.564.233.177.99
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:08.441586971 CEST4976580192.168.2.564.233.177.99
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:08.546192884 CEST804976564.233.177.99192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:08.547846079 CEST804976564.233.177.99192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:08.547911882 CEST804976564.233.177.99192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:08.547987938 CEST804976564.233.177.99192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:08.548042059 CEST4976580192.168.2.564.233.177.99
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:08.890290976 CEST49767443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:08.890362978 CEST44349767165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:08.890934944 CEST49767443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:08.894972086 CEST49767443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:08.894995928 CEST44349767165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:09.266165972 CEST44349767165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:09.266246080 CEST49767443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:09.267539024 CEST49767443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:09.267568111 CEST44349767165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:09.267793894 CEST44349767165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:09.269048929 CEST49767443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:09.316109896 CEST44349767165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:09.507204056 CEST44349767165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:09.507276058 CEST44349767165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:09.507386923 CEST49767443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:09.509347916 CEST49767443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:12.557888985 CEST4976580192.168.2.564.233.177.99
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:17.761399984 CEST49771443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:17.761450052 CEST44349771165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:17.761512041 CEST49771443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:17.764060020 CEST49771443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:17.764080048 CEST44349771165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:18.149770021 CEST44349771165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:18.150017977 CEST49771443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:18.155884981 CEST49771443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:18.155905008 CEST44349771165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:18.156430006 CEST44349771165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:18.170015097 CEST49771443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:18.216161013 CEST44349771165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:18.389285088 CEST44349771165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:18.389458895 CEST44349771165.227.176.158192.168.2.5
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:18.389590025 CEST49771443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:18.402542114 CEST49771443192.168.2.5165.227.176.158
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:19.550050974 CEST4977280192.168.2.564.233.177.99
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49706 | 157.245.131.96 | 80 | 1248 | C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 01:33:00.171014071 CEST | 295 | OUT | GET /getipaddress.asp HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Host: www.rightbackup.com
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
Apr 19, 2024 01:33:00.295452118 CEST | 422 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:00 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                          Content-Length: 194
                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                          Location: https://www.rightbackup.com/getipaddress.asp
                                                                                                                                                                                                                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
Apr 19, 2024 01:33:00.934326887 CEST | 336 | OUT | GET /getipaddress.asp/ HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Host: www.rightbackup.com
                                                                                                                                                                                                                                                                          Cookie: _csrf=9neg0FpgTGUOd2ewIHKGlIcI
Apr 19, 2024 01:33:01.059187889 CEST | 423 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:00 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                          Content-Length: 194
                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                          Location: https://www.rightbackup.com/getipaddress.asp/
                                                                                                                                                                                                                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49725 | 157.245.131.96 | 80 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 01:33:55.066675901 CEST | 945 | OUT | GET /afterinstall.aspx?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Host: www.rightbackup.com
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
Apr 19, 2024 01:33:55.187195063 CEST | 1048 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:55 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                          Content-Length: 194
                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                          Location: https://www.rightbackup.com/afterinstall.aspx?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49726 | 165.227.176.158 | 80 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 01:33:55.191878080 CEST | 719 | OUT | GET /rightbackup/update.asp?utm_source=SecuriteInfo.com.Program.Unwanted.5412.9308.3353&utm_medium=newbuild&utm_campaign=SecuriteInfo.com.Program.Unwanted.5412.9308.3353&utm_content=None&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=RightBackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=MicrosoftWindows10Pro&ram=8.00GB&model=avlwOHo2&procr=Intel(R)Core(TM)2CPU6600@2.40GHz&ibv=0&iev=0&pxl=RB_DEF_PIXEL&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&OfferType=1&sn=SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe HTTP/1.1
                                                                                                                                                                                                                                                                          Host: activate123.com
                                                                                                                                                                                                                                                                          Cache-Control: no-store,no-cache
                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
Apr 19, 2024 01:33:55.315224886 CEST | 462 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:55 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                          Content-Length: 225
                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                          X-Powered-By: Express
                                                                                                                                                                                                                                                                          ETag: W/"e1-lreWvh4XY8kyAwyTg1yHHgW4HUE"
Data Ascii: [Application]
PROGRAM_VERSION=2.1.1001.154
PROGRAM_URL=https://cdn.systweak.com/setups/baps/rbsetup_.exe
PROGRAM_SIZE=14973712
Open_Browser=0
IS_MANDATORY=1
Key=
Hash=deecbf311666f0234c0b8bd8142b698c931ae822


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49728 | 157.245.131.96 | 80 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 01:33:55.926309109 CEST | 986 | OUT | GET /afterinstall.aspx/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Host: www.rightbackup.com
                                                                                                                                                                                                                                                                          Cookie: _csrf=flbBQWxD6ddzUsgfFkhaov60
Apr 19, 2024 01:33:56.047163963 CEST | 1049 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:55 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                          Content-Length: 194
                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                          Location: https://www.rightbackup.com/afterinstall.aspx/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
4 | 192.168.2.5 | 49765 | 64.233.177.99 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 01:34:06.388938904 CEST | 64 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                                                                          Host: www.google.com
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
Apr 19, 2024 01:34:06.990236044 CEST | 1289 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                          Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgRRtTk0GO7bhrEGIjCETCh9UtZYlspzRqjPwiNRWOfzR7PdEmdaI2i22-n8z8tywl1DtL93if4xmfly0tkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                                                                                                                                                                                          x-hallmonitor-challenge: CgwI7tuGsQYQxey5ugMSBFG1OTQ
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                          Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-XQdT9sfzFLBRQoCAvOWKQw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                                                                          P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:34:06 GMT
                                                                                                                                                                                                                                                                          Server: gws
                                                                                                                                                                                                                                                                          Content-Length: 396
                                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                          Set-Cookie: 1P_JAR=2024-04-18-23; expires=Sat, 18-May-2024 23:34:06 GMT; path=/; domain=.google.com; Secure
                                                                                                                                                                                                                                                                          Set-Cookie: AEC=AQTF6HzlbpfxzIfl3tlgTBSBxZoEXfxApiu2ssT5rIwd98eSYjS52x39t2Q; expires=Tue, 15-Oct-2024 23:34:06 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                                                                          Set-Cookie: NID=513=USWvjVNU7I49f8_qYZDVIbIpjHHZ1rOIFS3nvw7pi2YsseYOvu3_9x--6K7NvAC4JtKheaIUDNgjiolgAWgjumyQ89tMF7x32qDD91XecLHF6B-YtFfdeCBrMvVMiFlOKGU9GbrGE0od9Xp3PW47vveNu3H_5Oqylqo9oS46a3Y; expires=Fri, 18-Oct-2024 23:34:06 GMT; path=/; domain=
                                                                                                                                                                                                                                                                          Data Raw:
                                                                                                                                                                                                                                                                          Data Ascii:
Apr 19, 2024 01:34:06.990279913 CEST | 420 | IN
                                                                                                                                                                                                                                                                          Data Ascii: google.com; HttpOnly<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="http://www.google.com/sorry/index?continue=http://w
Apr 19, 2024 01:34:06.992244005 CEST | 213 | OUT | GET /sorry/index?continue=http://www.google.com/&q=EgRRtTk0GO7bhrEGIjCETCh9UtZYlspzRqjPwiNRWOfzR7PdEmdaI2i22-n8z8tywl1DtL93if4xmfly0tkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                                                                                                                                                                                                                                                          Host: www.google.com
Apr 19, 2024 01:34:07.098104000 CEST | 1289 | IN | HTTP/1.1 429 Too Many Requests
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:34:07 GMT
                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                          Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                          Server: HTTP server (unknown)
                                                                                                                                                                                                                                                                          Content-Length: 3051
                                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>http://www.google.com/</title></head><body style="font-family: arial, sans-serif; background-color: #fff; color: #000; padding:20px; font-size:18px; overscroll-behavior:contain;" onload="e=document.getElementById('captcha');if(e){e.focus();} if(solveSimpleChallenge) {solveSimpleChallenge(,);}"><div style="max-width:400px;"><hr noshade size="1" style="color:#ccc; background-color:#ccc;"><br><form id="captcha-form" action="index" method="post"><noscript><div style="font-size:13px;"> In order to continue, please enable javascript on your web browser.</div></noscript><script src="https://www.google.com/recaptcha/api.js" async defer></script><script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" dat
Apr 19, 2024 01:34:07.098164082 CEST | 1289 | IN
                                                                                                                                                                                                                                                                          Data Ascii: a-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="4pGfzv0qeMQqFt49yVeNakB3hRLhnEWdee9PBfaInHBcWAXXY9fbKYGF4lsg1phDQJmY30GyB595jArnnkei3Dk_CFldpdY2hdnCMFBkvLheMWYSpqnRMbDwiAQuh2pO0iUL87ZchKeDWt5zbgjmdhJ
Apr 19, 2024 01:34:07.098201990 CEST | 753 | IN
                                                                                                                                                                                                                                                                          Data Ascii: will expire shortly after those requests stop. In the meantime, solving the above CAPTCHA will let you continue to use our services.<br><br>This traffic may have been sent by malicious software, a browser plug-in, or a script that sends autom
Apr 19, 2024 01:34:07.880129099 CEST | 40 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                                                                          Host: www.google.com
Apr 19, 2024 01:34:08.440634012 CEST | 1289 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                          Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgRRtTk0GO_bhrEGIjBicapeUPPORed_k7SaohNnnaEUzA_nA6L1WELRTq_i0fpuMUuxRz1Zkh1zrha3hF0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                                                                                                                                                                                          x-hallmonitor-challenge: CgwI8NuGsQYQ_b_GtAESBFG1OTQ
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                          Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-7oTmkseaFgGzPmI4qc3kkw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                                                                          P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:34:08 GMT
                                                                                                                                                                                                                                                                          Server: gws
                                                                                                                                                                                                                                                                          Content-Length: 396
                                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                          Set-Cookie: 1P_JAR=2024-04-18-23; expires=Sat, 18-May-2024 23:34:08 GMT; path=/; domain=.google.com; Secure
                                                                                                                                                                                                                                                                          Set-Cookie: AEC=AQTF6HwWyD1iX5hI3xi0s_u9zRniBm4rZ9mxpaTZW958uhX5slYiqpE58Fw; expires=Tue, 15-Oct-2024 23:34:08 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                                                                          Set-Cookie: NID=513=TE8OgJPM18hecpXT1m4ReioTc7vZq6aOE_o6oxPOBQ5kwOiQezwaJA5DhmOgLUEubfk-Uy01IvcJzJADcyWt7oTOdc44ikM7MzAAI3zGOMv5mkseF0ivEuocOI3NVvGXO_-6WSigoV4kICNojsDsWSI0KP5DBtJlu4EXuHbhkAc; expires=Fri, 18-Oct-2024 23:34:07 GMT; path=/; domain=
                                                                                                                                                                                                                                                                          Data Raw:
                                                                                                                                                                                                                                                                          Data Ascii:
Apr 19, 2024 01:34:08.440720081 CEST | 420 | IN
                                                                                                                                                                                                                                                                          Data Ascii: google.com; HttpOnly<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="http://www.google.com/sorry/index?continue=http://w
Apr 19, 2024 01:34:08.441586971 CEST | 213 | OUT | GET /sorry/index?continue=http://www.google.com/&q=EgRRtTk0GO_bhrEGIjBicapeUPPORed_k7SaohNnnaEUzA_nA6L1WELRTq_i0fpuMUuxRz1Zkh1zrha3hF0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                                                                                                                                                                                                                                                          Host: www.google.com
Apr 19, 2024 01:34:08.547846079 CEST | 1289 | IN | HTTP/1.1 429 Too Many Requests
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:34:08 GMT
                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                          Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                          Server: HTTP server (unknown)
                                                                                                                                                                                                                                                                          Content-Length: 3051
                                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>http://www.google.com/</title></head><body style="font-family: arial, sans-serif; background-color: #fff; color: #000; padding:20px; font-size:18px; overscroll-behavior:contain;" onload="e=document.getElementById('captcha');if(e){e.focus();} if(solveSimpleChallenge) {solveSimpleChallenge(,);}"><div style="max-width:400px;"><hr noshade size="1" style="color:#ccc; background-color:#ccc;"><br><form id="captcha-form" action="index" method="post"><noscript><div style="font-size:13px;"> In order to continue, please enable javascript on your web browser.</div></noscript><script src="https://www.google.com/recaptcha/api.js" async defer></script><script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" dat
Apr 19, 2024 01:34:08.547911882 CEST | 1289 | IN
                                                                                                                                                                                                                                                                          Data Ascii: a-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="eby_oGb-lcVrQ6DGU4n-Sf8psSwvsNnZzTnmbLHykdPS4gywhEQe47rYNyI_lYMbfMWTA1C_xTauqMIVSAvEHkeRQ4ZRbQTQb_luTltIFP-PYDUQCz7qjHr5KHRtBoCTjllO44bsCUqm8SwUHinzFOj
Apr 19, 2024 01:34:08.547987938 CEST | 753 | IN
                                                                                                                                                                                                                                                                          Data Ascii: will expire shortly after those requests stop. In the meantime, solving the above CAPTCHA will let you continue to use our services.<br><br>This traffic may have been sent by malicious software, a browser plug-in, or a script that sends autom


Session ID | Source IP | Source Port | Destination IP | Destination Port
5 | 192.168.2.5 | 49772 | 64.233.177.99 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 19, 2024 01:34:19.655052900 CEST | 64 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                                                                          Host: www.google.com
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
Apr 19, 2024 01:34:20.185507059 CEST | 1289 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                          Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgRRtTk0GPvbhrEGIjD9CNYptdrUpkXnpROC2ijQf6k6DnUYpw8oBI7X3BhHAzL9qBXXme4pJbt_UQaZysAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                                                                                                                                                                                          x-hallmonitor-challenge: CgsI_NuGsQYQr7TFOhIEUbU5NA
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                          Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-2di0ubpIQ64FoerXbp_MGA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                                                                          P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:34:20 GMT
                                                                                                                                                                                                                                                                          Server: gws
                                                                                                                                                                                                                                                                          Content-Length: 396
                                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                          Set-Cookie: 1P_JAR=2024-04-18-23; expires=Sat, 18-May-2024 23:34:20 GMT; path=/; domain=.google.com; Secure
                                                                                                                                                                                                                                                                          Set-Cookie: AEC=AQTF6HyUhrBOtf-FZob-FxOFRNuw2coXqOLGQa2L6RVInkPaPaDQGazzdw; expires=Tue, 15-Oct-2024 23:34:20 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                                                                          Set-Cookie: NID=513=O1BUiRjTMGNArQOAv_Qtv4zNV_LZ_Ev9z_y2BFfY5hT5Hb_RDjiuD3l3WmN_dIHfwlvNcaMa6-3t7o1S4MUOuQ2_ACtGZPZyystlurm3qKO0OW6jQrxCLTs6h7BAKE2iugyxCzf66fYznWD6_YRSsF-j88XI1ZXVWSqopC_yWx8; expires=Fri, 18-Oct-2024 23:34:19 GMT; path=/; domain=.g
                                                                                                                                                                                                                                                                          Data Raw:
                                                                                                                                                                                                                                                                          Data Ascii:
Apr 19, 2024 01:34:20.185564995 CEST | 418 | IN
                                                                                                                                                                                                                                                                          Data Ascii: ogle.com; HttpOnly<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="http://www.google.com/sorry/index?continue=http://www
Apr 19, 2024 01:34:20.186414957 CEST | 213 | OUT | GET /sorry/index?continue=http://www.google.com/&q=EgRRtTk0GPvbhrEGIjD9CNYptdrUpkXnpROC2ijQf6k6DnUYpw8oBI7X3BhHAzL9qBXXme4pJbt_UQaZysAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                                                                                                                                                                                                                                                          Host: www.google.com
Apr 19, 2024 01:34:20.295460939 CEST | 1289 | IN | HTTP/1.1 429 Too Many Requests
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:34:20 GMT
                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                          Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                          Server: HTTP server (unknown)
                                                                                                                                                                                                                                                                          Content-Length: 3051
                                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>http://www.google.com/</title></head><body style="font-family: arial, sans-serif; background-color: #fff; color: #000; padding:20px; font-size:18px; overscroll-behavior:contain;" onload="e=document.getElementById('captcha');if(e){e.focus();} if(solveSimpleChallenge) {solveSimpleChallenge(,);}"><div style="max-width:400px;"><hr noshade size="1" style="color:#ccc; background-color:#ccc;"><br><form id="captcha-form" action="index" method="post"><noscript><div style="font-size:13px;"> In order to continue, please enable javascript on your web browser.</div></noscript><script src="https://www.google.com/recaptcha/api.js" async defer></script><script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" dat
Apr 19, 2024 01:34:20.295502901 CEST | 1289 | IN
                                                                                                                                                                                                                                                                          Data Ascii: a-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="O3yHR0eImU_AZJ9n4T3pC21raM1wJ445FXi1XxnCXzQMu1N1AXWAN0y5RWPDxLzXQMtpUjeCudT7K2idNlP1-Ld6cOSqgXQrrklDkFvHdqUPKk7eNyb1TwP1AGCSgg-bM1MQJ1kLx6B0d984Wj1xj_M
Apr 19, 2024 01:34:20.295542002 CEST | 753 | IN
                                                                                                                                                                                                                                                                          Data Ascii: will expire shortly after those requests stop. In the meantime, solving the above CAPTCHA will let you continue to use our services.<br><br>This traffic may have been sent by malicious software, a browser plug-in, or a script that sends autom
Apr 19, 2024 01:34:20.990734100 CEST | 40 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                                                                          Host: www.google.com
Apr 19, 2024 01:34:21.565908909 CEST | 1289 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                          Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgRRtTk0GP3bhrEGIjDXJz3M4S1TfDaN5vCHPwS6yS7tx5yyoQn_AeiAlVlkM0Jcx90RBY8TAkDhaTcBrCAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                                                                                                                                                                                          x-hallmonitor-challenge: CgwI_duGsQYQxcbw7wESBFG1OTQ
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                          Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-gzbNO9ItvOwSDDddv8p2Zw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                                                                          P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:34:21 GMT
                                                                                                                                                                                                                                                                          Server: gws
                                                                                                                                                                                                                                                                          Content-Length: 396
                                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                          Set-Cookie: 1P_JAR=2024-04-18-23; expires=Sat, 18-May-2024 23:34:21 GMT; path=/; domain=.google.com; Secure
                                                                                                                                                                                                                                                                          Set-Cookie: AEC=AQTF6Hxv3vCIE6sAwuGaio5agspwPfNy_rPggCKZSCKXGC6mcmzUovXo7A; expires=Tue, 15-Oct-2024 23:34:21 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                                                                          Set-Cookie: NID=513=feygVmg5DgpEVffD8tLSlY91mfGqAdvnkhqQFYdhbRf0rq9FdHlmBa12_GIZPJInOb_qlKnL80wmaxx-bBDbmmJfO4ljZMDTSEeerOU8foDFy_F62WJQ4rDR67Lg67ATqxMZZjAlhrXKFdVFdmqMP1Ps_HPCpYueH9G-N5xHylw; expires=Fri, 18-Oct-2024 23:34:21 GMT; path=/; domain=.
                                                                                                                                                                                                                                                                          Data Raw:
                                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:21.565948009 CEST419INData Raw: 6f 6f 67 6c 65 2e 63 6f 6d 3b 20 48 74 74 70 4f 6e 6c 79 0d 0a 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68
                                                                                                                                                                                                                                                                          Data Ascii: oogle.com; HttpOnly<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="http://www.google.com/sorry/index?continue=http://ww
Apr 19, 2024 01:34:22.623682976 CEST | 213 | OUT | GET /sorry/index?continue=http://www.google.com/&q=EgRRtTk0GP3bhrEGIjDXJz3M4S1TfDaN5vCHPwS6yS7tx5yyoQn_AeiAlVlkM0Jcx90RBY8TAkDhaTcBrCAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                                                                                                                                                                                                                                                          Host: www.google.com
Apr 19, 2024 01:34:22.731874943 CEST | 1289 | IN | HTTP/1.1 429 Too Many Requests
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:34:22 GMT
                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                          Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                          Server: HTTP server (unknown)
                                                                                                                                                                                                                                                                          Content-Length: 3051
                                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>http://www.google.com/</title></head><body style="font-family: arial, sans-serif; background-color: #fff; color: #000; padding:20px; font-size:18px; overscroll-behavior:contain;" onload="e=document.getElementById('captcha');if(e){e.focus();} if(solveSimpleChallenge) {solveSimpleChallenge(,);}"><div style="max-width:400px;"><hr noshade size="1" style="color:#ccc; background-color:#ccc;"><br><form id="captcha-form" action="index" method="post"><noscript><div style="font-size:13px;"> In order to continue, please enable javascript on your web browser.</div></noscript><script src="https://www.google.com/recaptcha/api.js" async defer></script><script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" dat
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:22.731894016 CEST1289INData Raw: 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b
                                                                                                                                                                                                                                                                          Data Ascii: a-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="cOx2S9sw3X0wUAOsa-sz7QyDpDhuzgYSsXyAlDa54O2NMts44Blgzdf6u1VBqDr-4jwk3jcHSHhYd-l3TzIHxoJa-N9MAOmLb6wfQF-vNtBTQr_ScZipitHRdyX90ChxaaLZUaEe5ZtmXxtKvxMGnmU
                                                                                                                                                                                                                                                                          Apr 19, 2024 01:34:22.731911898 CEST753INData Raw: 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 74 68 6f 73 65 20 72 65 71 75 65 73 74 73 20 73 74 6f 70 2e 20 20 49 6e 20 74 68 65 20 6d 65 61 6e 74 69 6d 65 2c 20 73 6f 6c 76 69 6e 67 20 74 68 65 20 61 62 6f 76 65
                                                                                                                                                                                                                                                                          Data Ascii: will expire shortly after those requests stop. In the meantime, solving the above CAPTCHA will let you continue to use our services.<br><br>This traffic may have been sent by malicious software, a browser plug-in, or a script that sends autom


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49707 | 157.245.131.96 | 443 | 1248 | C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:33:00 UTC | 295 | OUT | GET /getipaddress.asp HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Host: www.rightbackup.com
2024-04-18 23:33:00 UTC | 327 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:00 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                          Content-Length: 78
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          X-Powered-By: Express
                                                                                                                                                                                                                                                                          set-cookie: _csrf=9neg0FpgTGUOd2ewIHKGlIcI; Path=/
                                                                                                                                                                                                                                                                          Location: http://www.rightbackup.com/getipaddress.asp/
                                                                                                                                                                                                                                                                          Vary: Accept
                                                                                                                                                                                                                                                                          2024-04-18 23:33:00 UTC78INData Raw: 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 77 77 77 2e 72 69 67 68 74 62 61 63 6b 75 70 2e 63 6f 6d 2f 67 65 74 69 70 61 64 64 72 65 73 73 2e 61 73 70 2f
                                                                                                                                                                                                                                                                          Data Ascii: Moved Permanently. Redirecting to http://www.rightbackup.com/getipaddress.asp/


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49708 | 157.245.131.96 | 443 | 1248 | C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:33:01 UTC | 336 | OUT | GET /getipaddress.asp/ HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Host: www.rightbackup.com
                                                                                                                                                                                                                                                                          Cookie: _csrf=9neg0FpgTGUOd2ewIHKGlIcI
2024-04-18 23:33:01 UTC | 206 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:01 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                                          X-Powered-By: Express
                                                                                                                                                                                                                                                                          2024-04-18 23:33:01 UTC22INData Raw: 63 0d 0a 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                          Data Ascii: c81.181.57.520


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49709 | 13.33.4.104 | 443 | 1248 | C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:33:01 UTC | 324 | OUT | GET /ip?ip=81.181.57.52 HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Host: wkrn9i3f01.execute-api.us-east-1.amazonaws.com
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
2024-04-18 23:33:02 UTC | 676 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Content-Type: application/json
                                                                                                                                                                                                                                                                          Content-Length: 335
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:02 GMT
                                                                                                                                                                                                                                                                          x-amzn-RequestId: 7d15afaf-15d8-46a9-a555-3093f4e16a15
                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                          Access-Control-Allow-Headers: Content-Type,X-Amz-Date,Authorization
                                                                                                                                                                                                                                                                          x-amz-apigw-id: WcgTQEe0IAMEYTg=
                                                                                                                                                                                                                                                                          Access-Control-Allow-Methods: POST,GET,OPTIONS
                                                                                                                                                                                                                                                                          X-Amzn-Trace-Id: Root=1-6621adae-0284a1cc30e724524631ce69;Parent=330e2f3d78a46bbc;Sampled=0;lineage=29f4acb2:0
                                                                                                                                                                                                                                                                          X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                          Via: 1.1 f191d757f16dd6002ae3a0c09389b68a.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                          X-Amz-Cf-Pop: ATL58-P1
                                                                                                                                                                                                                                                                          X-Amz-Cf-Id: thxAJCtpWwmYoelwFIGxGu9CAQAD5dikUI4xvF_ifBuq-V7Kk0Obvg==
2024-04-18 23:33:02 UTC | 335 | IN
                                                                                                                                                                                                                                                                          Data Ascii: {"status": "success", "city": "Atlanta", "zip": "30301", "countryCode": "US", "country": "United States", "region": "GA", "isp": "Datacamp Limited", "lon": -84.3871, "timezone": "America/New_York", "as": "AS212238 Datacamp Limited", "query": "81.181.57.52


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49723 | 165.227.176.158 | 443 | 2472 | C:\Program Files (x86)\Right Backup\RBNotifier.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:33:44 UTC | 403 | OUT | GET /rightbackup/notifier/update.asp?utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=&productid=10929&macid=4904161585493398696 HTTP/1.1
                                                                                                                                                                                                                                                                          Host: activate123.com
                                                                                                                                                                                                                                                                          Cache-Control: no-store,no-cache
                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
2024-04-18 23:33:45 UTC | 230 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:44 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                          Content-Length: 11
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          X-Powered-By: Express
                                                                                                                                                                                                                                                                          ETag: W/"b-qPm4i+t9q7Kd+kyPbGGXQ1sRj0Y"
2024-04-18 23:33:45 UTC | 11 | IN | Data Raw: 0d 0a 5b 73 74 72 69 6e 67 73 5d
                                                                                                                                                                                                                                                                          Data Ascii: [strings]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49727 | 157.245.131.96 | 443 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:33:55 UTC | 945 | OUT | GET /afterinstall.aspx?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Host: www.rightbackup.com
2024-04-18 23:33:55 UTC | 954 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:55 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                          Content-Length: 704
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          X-Powered-By: Express
                                                                                                                                                                                                                                                                          set-cookie: _csrf=flbBQWxD6ddzUsgfFkhaov60; Path=/
                                                                                                                                                                                                                                                                          Location: http://www.rightbackup.com/afterinstall.aspx/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          Vary: Accept
2024-04-18 23:33:55 UTC | 704 | IN
                                                                                                                                                                                                                                                                          Data Ascii: Moved Permanently. Redirecting to http://www.rightbackup.com/afterinstall.aspx/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.93


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49729 | 157.245.131.96 | 443 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:33:56 UTC | 986 | OUT | GET /afterinstall.aspx/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Host: www.rightbackup.com
                                                                                                                                                                                                                                                                          Cookie: _csrf=flbBQWxD6ddzUsgfFkhaov60
2024-04-18 23:33:56 UTC | 860 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:56 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                          Content-Length: 662
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          X-Powered-By: Express
                                                                                                                                                                                                                                                                          Location: /after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          Vary: Accept
2024-04-18 23:33:56 UTC | 662 | IN
                                                                                                                                                                                                                                                                          Data Ascii: Found. Redirecting to /after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&i


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49730 | 157.245.131.96 | 443 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:33:56 UTC | 982 | OUT | GET /after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Host: www.rightbackup.com
                                                                                                                                                                                                                                                                          Cookie: _csrf=flbBQWxD6ddzUsgfFkhaov60
2024-04-18 23:33:57 UTC | 259 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:57 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                          Content-Length: 16135
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                                          X-Powered-By: Express
                                                                                                                                                                                                                                                                          ETag: W/"3f07-EtrvliBIyHWKsAYEo6musIEomw0"
2024-04-18 23:33:57 UTC | 16125 | IN | Data Ascii: <!DOCTYPE HTML><html lang="en"><head> <meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>Thankyou for Installing Right Backup!</title><meta n
2024-04-18 23:33:57 UTC | 10 | IN | Data Raw: 3e 0d 0a 3c 2f 68 74 6d 6c 3e
                                                                                                                                                                                                                                                                          Data Ascii: ></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49731 | 157.245.131.96 | 443 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:33:57 UTC | 1045 | OUT | GET /css/after/typography.css HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Host: www.rightbackup.com
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Cookie: _csrf=flbBQWxD6ddzUsgfFkhaov60
2024-04-18 23:33:58 UTC | 342 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:58 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/css; charset=UTF-8
                                                                                                                                                                                                                                                                          Content-Length: 2739
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                                          X-Powered-By: Express
                                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                                          Cache-Control: public, max-age=0
                                                                                                                                                                                                                                                                          Last-Modified: Thu, 05 Oct 2023 13:54:04 GMT
                                                                                                                                                                                                                                                                          ETag: W/"ab3-18b001df060"
2024-04-18 23:33:58 UTC | 2739 | IN | Data Ascii: @font-face { font-family: 'Segoe UI'; font-style: normal; font-weight: 300; src: local('Segoe UI Light'), local('Segoe-UI-Light'), url("Segoe-UI-Light.woff") format('woff');}@font-face { font-family: 'Segoe UI'; font-style: normal; font-we


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49732 | 157.245.131.96 | 443 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:33:57 UTC | 1039 | OUT | GET /css/afterpages.css HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Host: www.rightbackup.com
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Cookie: _csrf=flbBQWxD6ddzUsgfFkhaov60
2024-04-18 23:33:58 UTC | 343 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:58 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/css; charset=UTF-8
                                                                                                                                                                                                                                                                          Content-Length: 9609
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                                          X-Powered-By: Express
                                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                                          Cache-Control: public, max-age=0
                                                                                                                                                                                                                                                                          Last-Modified: Sun, 29 Oct 2023 15:31:49 GMT
                                                                                                                                                                                                                                                                          ETag: W/"2589-18b7c100e88"
2024-04-18 23:33:58 UTC | 9609 | IN | Data Ascii: body{ background-color: #f6f6f6;background-repeat: repeat;}/* Header css start */.top-header-row{ background: #000000; padding: 21px 0 14px; border-bottom: solid 1px #4d4d4d;}.header-menu-row{ background: #323232; border-top: solid 1px #262626;}.heade


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49738 | 69.164.42.2 | 443 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:33:58 UTC | 1038 | OUT | GET /website/rightbackup/images/afterinstall_ss_windows_notms.png HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Host: cdn.systweak.com
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
2024-04-18 23:33:58 UTC | 503 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Content-Type: image/png
                                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                                          X-Agile-Brick-Id: 480531899
                                                                                                                                                                                                                                                                          X-Agile-Checksum: 6993f0c68486979dd7cc85315932b0ab2318e0b0ac28bab622a8784042b6e03a
                                                                                                                                                                                                                                                                          X-Agile-Request-Id: 725fa81faae5c07c1207e7f0958a91bf, acf423d624151e042212e791132ed7ef
                                                                                                                                                                                                                                                                          X-Agile-Source: 69.28.134.193:1987
                                                                                                                                                                                                                                                                          Server: CloudStorage
                                                                                                                                                                                                                                                                          Age: 1451
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:58 GMT
                                                                                                                                                                                                                                                                          Last-Modified: Fri, 27 Oct 2023 13:08:16 GMT
                                                                                                                                                                                                                                                                          X-LLID: b0b93b5ae9ee4b0663ca0894e0f7d5a3
                                                                                                                                                                                                                                                                          Content-Length: 60729
                                                                                                                                                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49739 | 104.17.24.14 | 443 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:33:58 UTC | 1026 | OUT | GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1
Accept: */*
Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: cdnjs.cloudflare.com
Connection: Keep-Alive
2024-04-18 23:33:58 UTC | 963 | IN | HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 23:33:58 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=30672000
ETag: W/"5eb03fa9-4af4"
Last-Modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Age: 87436
Expires: Tue, 08 Apr 2025 23:33:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x7X4PXX%2B2dENeQdt5ydBubl7iVZ8q9939IZIhkvryuGeBaIbmQo66BhA1l%2BmjVQOJQkjElozCo0b%2FHdy4GdCxUH%2FnKZWQAFn6HkR6C3HChhRbnYBoeu%2FXgqF%2FxLPGlnFNnpo7n8o"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=15780000
Server: cloudflare
CF-RAY: 8768767f8c59b02a-ATL
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                          2024-04-18 23:33:58 UTC1369INData Raw: 72 65 74 75 72 6e 27 27 3d 3d 3d 65 5b 65 2e 6c 65 6e 67 74 68 2d 31 5d 26 26 2d 31 21 3d 3d 5b 27 2b 27 2c 27 2d 27 5d 2e 69 6e 64 65 78 4f 66 28 74 29 3f 28 65 5b 65 2e 6c 65 6e 67 74 68 2d 31 5d 3d 74 2c 70 3d 21 30 2c 65 29 3a 70 3f 28 65 5b 65 2e 6c 65 6e 67 74 68 2d 31 5d 2b 3d 74 2c 70 3d 21 31 2c 65 29 3a 65 2e 63 6f 6e 63 61 74 28 74 29 7d 2c 5b 5d 29 2e 6d 61 70 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 56 28 65 2c 6e 2c 74 2c 6f 29 7d 29 7d 29 2c 61 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 65 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 69 29 7b 55 28 6f 29 26 26 28 6e 5b 74 5d 2b 3d 6f 2a 28 27 2d 27 3d 3d 3d 65 5b 69 2d 31 5d 3f 2d 31 3a 31 29 29 7d 29 7d 29 2c 6e 7d 66 75 6e 63 74
                                                                                                                                                                                                                                                                          Data Ascii: return''===e[e.length-1]&&-1!==['+','-'].indexOf(t)?(e[e.length-1]=t,p=!0,e):p?(e[e.length-1]+=t,p=!1,e):e.concat(t)},[]).map(function(e){return V(e,n,t,o)})}),a.forEach(function(e,t){e.forEach(function(o,i){U(o)&&(n[t]+=o*('-'===e[i-1]?-1:1))})}),n}funct
                                                                                                                                                                                                                                                                          2024-04-18 23:33:58 UTC1369INData Raw: 72 65 74 75 72 6e 20 6f 26 26 65 28 74 2e 70 72 6f 74 6f 74 79 70 65 2c 6f 29 2c 69 26 26 65 28 74 2c 69 29 2c 74 7d 7d 28 29 2c 70 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6f 29 7b 72 65 74 75 72 6e 20 74 20 69 6e 20 65 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 2c 74 2c 7b 76 61 6c 75 65 3a 6f 2c 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 7d 29 3a 65 5b 74 5d 3d 6f 2c 65 7d 2c 73 65 3d 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 7c 7c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6f 3d 31 3b 6f 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 6f 2b 2b 29 66 6f 72 28 76 61 72 20 69 20 69 6e 20 74 3d 61 72 67 75 6d 65 6e 74
                                                                                                                                                                                                                                                                          Data Ascii: return o&&e(t.prototype,o),i&&e(t,i),t}}(),pe=function(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e},se=Object.assign||function(e){for(var t,o=1;o<arguments.length;o++)for(var i in t=argument


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49737 | 69.164.42.2 | 443 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:33:58 UTC | 1013 | OUT | GET /website/rightbackup/images/logo.png HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Host: cdn.systweak.com
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
2024-04-18 23:33:58 UTC | 502 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Content-Type: image/png
                                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                                          X-Agile-Brick-Id: 480531822
                                                                                                                                                                                                                                                                          X-Agile-Checksum: 2c75a132f786cb29b53a5afc72579d254f62df5b714ef000935f3a5d409278df
                                                                                                                                                                                                                                                                          X-Agile-Request-Id: 9bfb7d77d54d20de91594e9b4b3e76e2, 2a705a95a8617ad24d274170be162606
                                                                                                                                                                                                                                                                          X-Agile-Source: 69.28.134.185:1987
                                                                                                                                                                                                                                                                          Server: CloudStorage
                                                                                                                                                                                                                                                                          Age: 1452
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:58 GMT
                                                                                                                                                                                                                                                                          Last-Modified: Thu, 02 Mar 2023 07:31:56 GMT
                                                                                                                                                                                                                                                                          X-LLID: 30f06832c857a55e3de618b3c52b5225
                                                                                                                                                                                                                                                                          Content-Length: 5464
                                                                                                                                                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49736 | 23.108.29.119 | 443 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:33:58 UTC | 998 | OUT | GET /trservice.js HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Host: trackingapi.systweak.com
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
2024-04-18 23:33:58 UTC | 671 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:58 GMT
                                                                                                                                                                                                                                                                          Content-Type: application/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                          Content-Length: 7449
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          X-Powered-By: Express
                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                          Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                          Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
                                                                                                                                                                                                                                                                          Access-Control-Expose-Headers: Content-Length
                                                                                                                                                                                                                                                                          Access-Control-Allow-Headers: Accept, Authorization, Content-Type, X-Requested-With, Range
                                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                                          Cache-Control: public, max-age=0
                                                                                                                                                                                                                                                                          Last-Modified: Wed, 21 Feb 2024 11:51:37 GMT
                                                                                                                                                                                                                                                                          ETag: W/"1d19-18dcb81cbcb"
                                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000; includeSubDomains


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49740 | 157.245.131.96 | 443 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:33:58 UTC | 1034 | OUT | GET /css/modal.css HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.rightbackup.com
Connection: Keep-Alive
Cookie: _csrf=flbBQWxD6ddzUsgfFkhaov60
2024-04-18 23:33:58 UTC  343                IN         HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Thu, 18 Apr 2024 23:33:58 GMT
Content-Type: text/css; charset=UTF-8
Content-Length: 5341
Connection: close
Vary: Accept-Encoding
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Thu, 05 Oct 2023 13:54:04 GMT
ETag: W/"14dd-18b001df060"
2024-04-18 23:33:58 UTC  5341               IN         Data Ascii: /* Modal box css */.modal-outer-col{ display: block;position: fixed;top: 0;left: 0;width: 100%;height: 100%;background: url('https://cdn.systweak.com/website/rightbackup/images/1x1.png') repeat;z-index: 1001; -moz-opacity:0.8;opacity:80;filter:alpha


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
14          192.168.2.5  49741        157.245.131.96  443               3496  C:\Program Files (x86)\Right Backup\RightBackup.exe

Timestamp                Bytes transferred  Direction  Data
2024-04-18 23:33:58 UTC  1035               OUT        GET /js/tracking.js HTTP/1.1
Accept: */*
Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.rightbackup.com
Connection: Keep-Alive
Cookie: _csrf=flbBQWxD6ddzUsgfFkhaov60
2024-04-18 23:33:58 UTC  357                IN         HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Thu, 18 Apr 2024 23:33:58 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 5462
Connection: close
Vary: Accept-Encoding
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Thu, 16 Nov 2023 12:44:52 GMT
ETag: W/"1556-18bd829ada0"
2024-04-18 23:33:58 UTC  5462               IN         Data Ascii: /* Global Site Tag (gtag.js) - Google Analytics */ window.dataLayer = window.dataLayer || []; function gtag() { dataLayer.push(arguments) }; gtag('js', new Date()); gtag('config', 'UA-46722188-1', { 'linker': { 'domain


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
15          192.168.2.5  49742        69.164.42.2     443               3496  C:\Program Files (x86)\Right Backup\RightBackup.exe

Timestamp                Bytes transferred  Direction  Data
2024-04-18 23:33:58 UTC  1023               OUT        GET /website/rightbackup/images/my-account-btn.png HTTP/1.1
Accept: */*
Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: cdn.systweak.com
Connection: Keep-Alive
2024-04-18 23:33:58 UTC  502                IN         HTTP/1.1 200 OK
Content-Type: image/png
Accept-Ranges: bytes
X-Agile-Brick-Id: 480531916
X-Agile-Checksum: c2ef8be641d07899ca2b783c539c9c18fa241bc4c0cd63e68c627a58faf03a91
X-Agile-Request-Id: a1677d903b7264d0b0babce34127c62c, b2cf927fa9957f989c2974ed53b4b112
X-Agile-Source: 69.28.134.195:1987
Server: CloudStorage
Age: 1452
Date: Thu, 18 Apr 2024 23:33:58 GMT
Last-Modified: Thu, 02 Mar 2023 07:32:07 GMT
X-LLID: 028afc83bc7c5b1992f0d1e3c3f5f669
Content-Length: 4694
Connection: close
2024-04-18 23:33:58 UTC  3711               IN         Data Ascii: PNGIHDR+]tEXtSoftwareAdobe ImageReadyqe<&iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
16          192.168.2.5  49743        69.164.42.2     443               3496  C:\Program Files (x86)\Right Backup\RightBackup.exe

Timestamp                Bytes transferred  Direction  Data
2024-04-18 23:33:58 UTC  1022               OUT        GET /website/rightbackup/images/start-bck-btn.png HTTP/1.1
Accept: */*
Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: cdn.systweak.com
Connection: Keep-Alive
2024-04-18 23:33:58 UTC  504                IN         HTTP/1.1 200 OK
Content-Type: image/png
Accept-Ranges: bytes
X-Agile-Brick-Id: 480531694
X-Agile-Checksum: 02599be885cd6a3ba0efc363bd7d750d7a91f49bc8757090ddb14680ec0ec4f1
X-Agile-Request-Id: bc33ce4a46d7ddb7388efc69a81bd010, 6b3d2823e3ebaf1c0202008159eabccb
X-Agile-Source: 208.111.190.237:1987
Server: CloudStorage
Age: 1452
Date: Thu, 18 Apr 2024 23:33:58 GMT
Last-Modified: Thu, 02 Mar 2023 07:32:31 GMT
X-LLID: 3721ee1efc83b1f9d5b2f2f3f8a18c37
Content-Length: 3220
                                                                                                                                                                                                                                                                          Connection: close
2024-04-18 23:33:58 UTC  3220  IN  Data Raw: (PNG image data)


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
17          192.168.2.5  49744        69.164.42.2     443               3496  C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp  Bytes transferred  Direction  Data
2024-04-18 23:33:58 UTC  1028  OUT  GET /website/rightbackup/images/afterinstall_upload.png HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Host: cdn.systweak.com
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
2024-04-18 23:33:59 UTC  502  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Content-Type: image/png
                                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                                          X-Agile-Brick-Id: 480531917
                                                                                                                                                                                                                                                                          X-Agile-Checksum: 9cbb49ff31f17e1d32d41af2e6160451fece5a41f64c3e1e36654855f53436c7
                                                                                                                                                                                                                                                                          X-Agile-Request-Id: 6770531e86959ff5167bf209058b52cf, 40fcdf8cc8a82a8d91222c293e7a44b0
                                                                                                                                                                                                                                                                          X-Agile-Source: 69.28.134.194:1987
                                                                                                                                                                                                                                                                          Server: CloudStorage
                                                                                                                                                                                                                                                                          Age: 1453
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:59 GMT
                                                                                                                                                                                                                                                                          Last-Modified: Thu, 02 Mar 2023 07:31:33 GMT
                                                                                                                                                                                                                                                                          X-LLID: c6257c9f798b5f8c9976b9516e2fffb4
                                                                                                                                                                                                                                                                          Content-Length: 7343
                                                                                                                                                                                                                                                                          Connection: close
2024-04-18 23:33:59 UTC  7343  IN  Data Raw: (PNG image data)


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
18          192.168.2.5  49745        157.245.131.96   443               3496  C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp  Bytes transferred  Direction  Data
2024-04-18 23:33:59 UTC  1033  OUT  GET /js/common.js HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Host: www.rightbackup.com
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Cookie: _csrf=flbBQWxD6ddzUsgfFkhaov60
2024-04-18 23:33:59 UTC  356  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:59 GMT
                                                                                                                                                                                                                                                                          Content-Type: application/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                          Content-Length: 3792
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                                          X-Powered-By: Express
                                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                                          Cache-Control: public, max-age=0
                                                                                                                                                                                                                                                                          Last-Modified: Mon, 16 Oct 2023 17:49:57 GMT
                                                                                                                                                                                                                                                                          ETag: W/"ed0-18b399bd988"
2024-04-18 23:33:59 UTC  3792  IN  Data Ascii: var baseUrl = 'https://rightbackup.com/';$(document).ready(function () { // Validate Username $(".with-errors").hide(); let usernameError = true; $("#txtUserFullName").keyup(function () { validateUsername(); }); function validateUsername


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
19          192.168.2.5  49746        69.164.42.2     443               3496  C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp  Bytes transferred  Direction  Data
2024-04-18 23:33:59 UTC  1030  OUT  GET /website/rightbackup/images/free_space_cloud_poup.png HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Host: cdn.systweak.com
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
2024-04-18 23:33:59 UTC  503  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Content-Type: image/png
                                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                                          X-Agile-Brick-Id: 480531916
                                                                                                                                                                                                                                                                          X-Agile-Checksum: db78df1da49b3b3eed5eda91ea4970408326e5e418935aa306bbfc4bf93de8e5
                                                                                                                                                                                                                                                                          X-Agile-Request-Id: 0639b89a3164c0c8b13d0fb05e7d697c, 98c89667baf70a0db529201aea7f8936
                                                                                                                                                                                                                                                                          X-Agile-Source: 69.28.134.195:1987
                                                                                                                                                                                                                                                                          Server: CloudStorage
                                                                                                                                                                                                                                                                          Age: 1453
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:59 GMT
                                                                                                                                                                                                                                                                          Last-Modified: Thu, 02 Mar 2023 07:31:47 GMT
                                                                                                                                                                                                                                                                          X-LLID: 4b9c95f034f5a41dbafff8d3b4897544
                                                                                                                                                                                                                                                                          Content-Length: 15386
                                                                                                                                                                                                                                                                          Connection: close
2024-04-18 23:33:59 UTC  13846  IN  Data Raw: (PNG image data)
2024-04-18 23:33:59 UTC  1540  IN  Data Raw: (PNG image data, continued)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 49751 | 69.164.42.2 | 443 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:33:59 UTC | 1019 | OUT | GET /website/rightbackup/images/login_icon.png HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Host: cdn.systweak.com
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
2024-04-18 23:33:59 UTC | 501 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Content-Type: image/png
                                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                                          X-Agile-Brick-Id: 480531897
                                                                                                                                                                                                                                                                          X-Agile-Checksum: 6eea23a84057f3cf4d55db59e11a77f8ff488c48b44d6b27a161880da0d67c7c
                                                                                                                                                                                                                                                                          X-Agile-Request-Id: c2b967c870bfb009c0d0a37783d3c176, c0e903742e7f7827b493d74584dafc4c
                                                                                                                                                                                                                                                                          X-Agile-Source: 69.28.134.192:1987
                                                                                                                                                                                                                                                                          Server: CloudStorage
                                                                                                                                                                                                                                                                          Age: 1452
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:34:00 GMT
                                                                                                                                                                                                                                                                          Last-Modified: Thu, 02 Mar 2023 07:31:52 GMT
                                                                                                                                                                                                                                                                          X-LLID: c5ccc3fc5e0b8eec4c47c042c9f52706
                                                                                                                                                                                                                                                                          Content-Length: 271
                                                                                                                                                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 49752 | 69.164.42.2 | 443 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:33:59 UTC | 1016 | OUT | GET /website/rightbackup/images/os_icon.png HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Host: cdn.systweak.com
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
2024-04-18 23:33:59 UTC | 502 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Content-Type: image/png
                                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                                          X-Agile-Brick-Id: 480531897
                                                                                                                                                                                                                                                                          X-Agile-Checksum: b84c1aa67776b9959c5cbd5914166ffa545971032469671b0d280cf99616f24b
                                                                                                                                                                                                                                                                          X-Agile-Request-Id: 87656e3e14d1984b26a145c6be9a04d9, a0b4f9c606a0363c43fa9d7617e82c53
                                                                                                                                                                                                                                                                          X-Agile-Source: 69.28.134.192:1987
                                                                                                                                                                                                                                                                          Server: CloudStorage
                                                                                                                                                                                                                                                                          Age: 1452
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:34:00 GMT
                                                                                                                                                                                                                                                                          Last-Modified: Thu, 02 Mar 2023 07:32:12 GMT
                                                                                                                                                                                                                                                                          X-LLID: b2f4fcb0fc1df41797f6fa86abe83f2c
                                                                                                                                                                                                                                                                          Content-Length: 1053
                                                                                                                                                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 49753 | 99.84.208.33 | 443 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:33:59 UTC | 1813 | OUT | OPTIONS /trservice/trackpixel?params=ttype%3D4%26cpst%3D0%26x-btn%3Dafter-install_Load%26x-browser%3DIE%26x-plt%3DWindows%2010%26productId%3D10929%26x-content%3Dafterinstall%26x-term%3Dsetup%26x-source%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26x-campaign%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26x-medium%3Dnewbuild%26x-lip%3D%26x-pxl%3Drb_def_pixel%26x-bdts%3D12072023%252019%253A39%253A21%26x-instdts%3D19042024%252001%253A33%253A01%26x-affiliate%3D%26utm_content%3Dafterinstall%26utm_term%3Dsetup%26utm_source%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_campaign%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_medium%3Dnewbuild%26lip%3D%26pxl%3Drb_def_pixel%26bdts%3D12072023%252019%253A39%253A21%26instdts%3D19042024%252001%253A33%253A01%26affiliate%3D%26newrb%3D1%26page%3Dinstall%26isreg%3D0%26isexpired%3D0%26dis%3D0%26space%3D0%26pname%3Drightbackup%26firstinstall%3D1%26langcode%3Den%26pver%3D2.1.1001.154%26macid%3D4904161585493398696%26instdatetime%3D%26productid%3D10929%26pid%3D10929%26os%3Dmicrosoftwindows10pro%26ram%3D8.00gb%26model%3Davlwoho2%26procr%3Dintel(r)core(tm)2cpu6600%25402.40ghz%26ibv%3D0%26iev%3D11%26offertype%3D1%26sn%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353.exe%26CurrentPagePath%3Dwww.rightbackup.com%2Fafter-install%2F%26referrerUrl%3D&_=1713763142552 HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Origin: https://www.rightbackup.com
                                                                                                                                                                                                                                                                          Access-Control-Request-Method: GET
                                                                                                                                                                                                                                                                          Access-Control-Request-Headers: content-type, accept
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Host: s1kegmsmob.execute-api.us-east-1.amazonaws.com
                                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2024-04-18 23:33:59 UTC | 588 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Content-Type: application/json
                                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:59 GMT
                                                                                                                                                                                                                                                                          x-amzn-RequestId: 24167462-8712-49c5-b9e8-33ea27d46f6a
                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                          Access-Control-Allow-Headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
                                                                                                                                                                                                                                                                          x-amz-apigw-id: WcgcSE4SIAMEkLw=
                                                                                                                                                                                                                                                                          Access-Control-Allow-Methods: GET,OPTIONS
                                                                                                                                                                                                                                                                          X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                          Via: 1.1 0173aeb09060ae0dd8c77e399d9e5634.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                          X-Amz-Cf-Pop: IAD79-C1
                                                                                                                                                                                                                                                                          X-Amz-Cf-Id: 7qgKrs9lot7KmCbpqhn2wrPZDn6XdQCTBTV2HWlqIKmJ12BYLMGUVA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 49754 | 69.164.42.2 | 443 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:33:59 UTC | 1012 | OUT | GET /website/rightbackup/images/1x1.png HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Host: cdn.systweak.com
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          2024-04-18 23:34:00 UTC501INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Content-Type: image/png
                                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                                          X-Agile-Brick-Id: 480531668
                                                                                                                                                                                                                                                                          X-Agile-Checksum: 95b76f36271422d87bab24f20d8a26287a9554c808ef12d9696b0f01ff4b4376
                                                                                                                                                                                                                                                                          X-Agile-Request-Id: 110105fd9f5cff64aaeb4442b5961c4f, 15934464bfbdb7a4602ba9e4b719d4d1
                                                                                                                                                                                                                                                                          X-Agile-Source: 69.28.134.164:1987
                                                                                                                                                                                                                                                                          Server: CloudStorage
                                                                                                                                                                                                                                                                          Age: 1452
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:33:59 GMT
                                                                                                                                                                                                                                                                          Last-Modified: Thu, 02 Mar 2023 07:31:23 GMT
                                                                                                                                                                                                                                                                          X-LLID: 92c4f2ee29759c154c6c58b727c54144
                                                                                                                                                                                                                                                                          Content-Length: 923
                                                                                                                                                                                                                                                                          Connection: close
2024-04-18 23:34:00 UTC | 923 | IN | Data Ascii: PNGIHDRtEXtSoftwareAdobe ImageReadyqe<"iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 49760 | 172.217.215.154 | 443 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:34:00 UTC | 1970 | OUT | GET /pagead/viewthroughconversion/942863319/?random=1713795359245&cv=11&fst=1713795359245&bg=ffffff&guid=ON&async=1&gtm=45be44f0v889458153za200&gcd=13l3l3l3l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.rightbackup.com%2Fafter-install%2F%3Fnewrb%3D1%26utm_content%3Dafterinstall%26utm_term%3Dsetup%26page%3Dinstall%26utm_source%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_campaign%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_medium%3Dnewbuild%26affiliateid%3D%26isreg%3D0%26isexpired%3D0%26dis%3D0%26space%3D0%26pname%3Drightbackup%26firstinstall%3D1%26langcode%3Den%26pver%3D2.1.1001.154%26macid%3D4904161585493398696%26lip%3D%26instdatetime%3D%26productid%3D10929%26pid%3D10929%26os%3Dmicrosoftwindows10pro%26ram%3D8.00gb%26model%3Davlwoho2%26procr%3Dintel(r)core(tm)2cpu6600%402.4&hn=www.googleadservices.com&frm=0&tiba=Thankyou%20for%20Installing%20Right%20Backup!&npa=0&pscdl=noapi&auid=1607475134.1713795359&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Accept: */*
Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
2024-04-18 23:34:00 UTC | 792 | IN | HTTP/1.1 200 OK
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Date: Thu, 18 Apr 2024 23:34:00 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/javascript; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Server: cafe
Content-Length: 2850
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Thu, 18-Apr-2024 23:49:00 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-04-18 23:34:00 UTC | 463 | IN | Data Ascii: (function(){var s = {};(function(){var e={};/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var f=this||self;var g,k;a:{for(var l=["CLOSURE_FLAGS"],p=f,q=0;q<l.length;q++)if(p=p[l[q]],null==p){k=null;break a}k=p}var r=k&&
2024-04-18 23:34:00 UTC | 1255 | IN | Data Ascii: gator)if(a=a.userAgent)break a;a=""}return-1!=a.indexOf(d)};function y(){return g?!!t&&0<t.brands.length:!1}function z(){return y()?w("Chromium"):(x("Chrome")||x("CriOS"))&&!(y()?0:x("Edge"))||x("Silk")};!x("Android")||z();z();!x("Safari")||z()||(y()?0:x(
2024-04-18 23:34:00 UTC | 1132 | IN | Data Ascii: w.google.com/pagead/1p-user-list/942863319/?random\x3d1713795359245\x26cv\x3d11\x26fst\x3d1713794400000\x26bg\x3dffffff\x26guid\x3dON\x26async\x3d1\x26gtm\x3d45be44f0v889458153za200\x26gcd\x3d13l3l3l3l1\x26dma\x3d0\x26u_w\x3d1280\x26u_h\x3d1024\x26url\x3d


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 49761 | 172.217.215.154 | 443 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:34:00 UTC | 1972 | OUT | GET /pagead/viewthroughconversion/11088213923/?random=1713798043237&cv=11&fst=1713798043237&bg=ffffff&guid=ON&async=1&gtm=45be44f0v889458153za200&gcd=13l3l3l3l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.rightbackup.com%2Fafter-install%2F%3Fnewrb%3D1%26utm_content%3Dafterinstall%26utm_term%3Dsetup%26page%3Dinstall%26utm_source%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_campaign%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_medium%3Dnewbuild%26affiliateid%3D%26isreg%3D0%26isexpired%3D0%26dis%3D0%26space%3D0%26pname%3Drightbackup%26firstinstall%3D1%26langcode%3Den%26pver%3D2.1.1001.154%26macid%3D4904161585493398696%26lip%3D%26instdatetime%3D%26productid%3D10929%26pid%3D10929%26os%3Dmicrosoftwindows10pro%26ram%3D8.00gb%26model%3Davlwoho2%26procr%3Dintel(r)core(tm)2cpu6600%402.4&hn=www.googleadservices.com&frm=0&tiba=Thankyou%20for%20Installing%20Right%20Backup!&npa=0&pscdl=noapi&auid=1607475134.1713795359&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Accept: */*
Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
2024-04-18 23:34:00 UTC | 792 | IN | HTTP/1.1 200 OK
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Date: Thu, 18 Apr 2024 23:34:00 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/javascript; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Server: cafe
Content-Length: 2851
X-XSS-Protection: 0
                                                                                                                                                                                                                                                                          Set-Cookie: test_cookie=CheckForPermission; expires=Thu, 18-Apr-2024 23:49:00 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                          Connection: close
2024-04-18 23:34:00 UTC | 463 | IN | Data Ascii: (function(){var s = {};(function(){var e={};/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var f=this||self;var g,k;a:{for(var l=["CLOSURE_FLAGS"],p=f,q=0;q<l.length;q++)if(p=p[l[q]],null==p){k=null;break a}k=p}var r=k&&
2024-04-18 23:34:00 UTC | 1255 | IN | Data Ascii: gator)if(a=a.userAgent)break a;a=""}return-1!=a.indexOf(d)};function y(){return g?!!t&&0<t.brands.length:!1}function z(){return y()?w("Chromium"):(x("Chrome")||x("CriOS"))&&!(y()?0:x("Edge"))||x("Silk")};!x("Android")||z();z();!x("Safari")||z()||(y()?0:x(
2024-04-18 23:34:00 UTC | 1133 | IN | Data Ascii: w.google.com/pagead/1p-user-list/11088213923/?random\x3d1713798043237\x26cv\x3d11\x26fst\x3d1713798000000\x26bg\x3dffffff\x26guid\x3dON\x26async\x3d1\x26gtm\x3d45be44f0v889458153za200\x26gcd\x3d13l3l3l3l1\x26dma\x3d0\x26u_w\x3d1280\x26u_h\x3d1024\x26url\x


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 49758 | 99.84.208.33 | 443 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:34:00 UTC | 2467 | OUT | GET /trservice/trackpixel?params=ttype%3D4%26cpst%3D0%26x-btn%3Dafter-install_Load%26x-browser%3DIE%26x-plt%3DWindows%2010%26productId%3D10929%26x-content%3Dafterinstall%26x-term%3Dsetup%26x-source%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26x-campaign%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26x-medium%3Dnewbuild%26x-lip%3D%26x-pxl%3Drb_def_pixel%26x-bdts%3D12072023%252019%253A39%253A21%26x-instdts%3D19042024%252001%253A33%253A01%26x-affiliate%3D%26utm_content%3Dafterinstall%26utm_term%3Dsetup%26utm_source%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_campaign%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_medium%3Dnewbuild%26lip%3D%26pxl%3Drb_def_pixel%26bdts%3D12072023%252019%253A39%253A21%26instdts%3D19042024%252001%253A33%253A01%26affiliate%3D%26newrb%3D1%26page%3Dinstall%26isreg%3D0%26isexpired%3D0%26dis%3D0%26space%3D0%26pname%3Drightbackup%26firstinstall%3D1%26langcode%3Den%26pver%3D2.1.1001.154%26macid%3D4904161585493398696%26instdatetime%3D%26productid%3D10929%26pid%3D10929%26os%3Dmicrosoftwindows10pro%26ram%3D8.00gb%26model%3Davlwoho2%26procr%3Dintel(r)core(tm)2cpu6600%25402.40ghz%26ibv%3D0%26iev%3D11%26offertype%3D1%26sn%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353.exe%26CurrentPagePath%3Dwww.rightbackup.com%2Fafter-install%2F%26referrerUrl%3D&_=1713763142552 HTTP/1.1
                                                                                                                                                                                                                                                                          Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                          Accept: application/json, text/javascript, */*; q=0.01
                                                                                                                                                                                                                                                                          Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                                                                                                          Origin: https://www.rightbackup.com
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Host: s1kegmsmob.execute-api.us-east-1.amazonaws.com
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
2024-04-18 23:34:01 UTC | 675 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Content-Type: application/json
                                                                                                                                                                                                                                                                          Content-Length: 63
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:34:01 GMT
                                                                                                                                                                                                                                                                          x-amzn-RequestId: de5c6645-ebb9-44df-8cb5-1fe3499eb14c
                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                          Access-Control-Allow-Headers: Content-Type,X-Amz-Date,Authorization
                                                                                                                                                                                                                                                                          x-amz-apigw-id: WcgcbFmNoAMEnzg=
                                                                                                                                                                                                                                                                          Access-Control-Allow-Methods: POST,GET,OPTIONS
                                                                                                                                                                                                                                                                          X-Amzn-Trace-Id: Root=1-6621ade8-2fccd635586ab10113989299;Parent=43190ea6b1c2b7e7;Sampled=0;lineage=cd2e199a:0
                                                                                                                                                                                                                                                                          X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                          Via: 1.1 1df382f2345322fac115f7931b894fda.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                          X-Amz-Cf-Pop: IAD79-C1
                                                                                                                                                                                                                                                                          X-Amz-Cf-Id: GjYX-DyDv7WH5cKJDJSgLpdB_MxcGSEUUobLOPYt50dQrVcTOGehRw==
2024-04-18 23:34:01 UTC | 63 | IN | Data Ascii: {"rid": "0a5f6199-2242-457a-b253-c1cb83becc10.txt", "err": 200}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.5 | 49763 | 64.233.177.99 | 443 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:34:01 UTC | 1958 | OUT | GET /pagead/1p-user-list/11088213923/?random=1713798043237&cv=11&fst=1713798000000&bg=ffffff&guid=ON&async=1&gtm=45be44f0v889458153za200&gcd=13l3l3l3l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.rightbackup.com%2Fafter-install%2F%3Fnewrb%3D1%26utm_content%3Dafterinstall%26utm_term%3Dsetup%26page%3Dinstall%26utm_source%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_campaign%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_medium%3Dnewbuild%26affiliateid%3D%26isreg%3D0%26isexpired%3D0%26dis%3D0%26space%3D0%26pname%3Drightbackup%26firstinstall%3D1%26langcode%3Den%26pver%3D2.1.1001.154%26macid%3D4904161585493398696%26lip%3D%26instdatetime%3D%26productid%3D10929%26pid%3D10929%26os%3Dmicrosoftwindows10pro%26ram%3D8.00gb%26model%3Davlwoho2%26procr%3Dintel(r)core(tm)2cpu6600%402.4&frm=0&tiba=Thankyou%20for%20Installing%20Right%20Backup!&npa=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwB7FLtq9BFqBzQ6EDa2_43YU_KInaGcGJtB3Q&random=774164256&rmt_tld=0&ipr=y HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Host: www.google.com
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
2024-04-18 23:34:01 UTC | 602 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                                                                                                                                                                          Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                          Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:34:01 GMT
                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                          Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                          Content-Type: image/gif
                                                                                                                                                                                                                                                                          Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                          Server: cafe
                                                                                                                                                                                                                                                                          Content-Length: 42
                                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                          Connection: close
2024-04-18 23:34:01 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                          Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.5 | 49762 | 64.233.177.99 | 443 | 3496 | C:\Program Files (x86)\Right Backup\RightBackup.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:34:01 UTC | 1957 | OUT | GET /pagead/1p-user-list/942863319/?random=1713795359245&cv=11&fst=1713794400000&bg=ffffff&guid=ON&async=1&gtm=45be44f0v889458153za200&gcd=13l3l3l3l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.rightbackup.com%2Fafter-install%2F%3Fnewrb%3D1%26utm_content%3Dafterinstall%26utm_term%3Dsetup%26page%3Dinstall%26utm_source%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_campaign%3Dsecuriteinfo.com.program.unwanted.5412.9308.3353%26utm_medium%3Dnewbuild%26affiliateid%3D%26isreg%3D0%26isexpired%3D0%26dis%3D0%26space%3D0%26pname%3Drightbackup%26firstinstall%3D1%26langcode%3Den%26pver%3D2.1.1001.154%26macid%3D4904161585493398696%26lip%3D%26instdatetime%3D%26productid%3D10929%26pid%3D10929%26os%3Dmicrosoftwindows10pro%26ram%3D8.00gb%26model%3Davlwoho2%26procr%3Dintel(r)core(tm)2cpu6600%402.4&frm=0&tiba=Thankyou%20for%20Installing%20Right%20Backup!&npa=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwB7FLtqNfeJrqLQrEhbuyTjKUCmIwG0bHjIlA&random=3903080233&rmt_tld=0&ipr=y HTTP/1.1
                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                          Referer: https://www.rightbackup.com/after-install/?newrb=1&utm_content=afterinstall&utm_term=setup&page=install&utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&affiliateid=&isreg=0&isexpired=0&dis=0&space=0&pname=rightbackup&firstinstall=1&langcode=en&pver=2.1.1001.154&macid=4904161585493398696&lip=&instdatetime=&productid=10929&pid=10929&os=microsoftwindows10pro&ram=8.00gb&model=avlwoho2&procr=intel(r)core(tm)2cpu6600@2.40ghz&ibv=0&iev=11&pxl=rb_def_pixel&bdts=12072023%2019:39:21&instdts=19042024%2001:33:01&offertype=1&sn=securiteinfo.com.program.unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          Accept-Language: en-CH
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                          Host: www.google.com
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          2024-04-18 23:34:01 UTC602INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                                                                                                                                                                          Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                          Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                          Date: Thu, 18 Apr 2024 23:34:01 GMT
                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                          Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                          Content-Type: image/gif
                                                                                                                                                                                                                                                                          Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                          Server: cafe
                                                                                                                                                                                                                                                                          Content-Length: 42
                                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          2024-04-18 23:34:01 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                          Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port
29 | 192.168.2.5 | 49764 | 165.227.176.158 | 443
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:34:01 UTC | 403 | OUT | GET /rightbackup/notifier/update.asp?utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=&productid=10929&macid=4904161585493398696 HTTP/1.1
Host: activate123.com
Cache-Control: no-store,no-cache
Pragma: no-cache
Connection: Keep-Alive
2024-04-18 23:34:02 UTC | 230 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 18 Apr 2024 23:34:02 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 11
Connection: close
X-Powered-By: Express
ETag: W/"b-qPm4i+t9q7Kd+kyPbGGXQ1sRj0Y"
2024-04-18 23:34:02 UTC | 11 | IN | Data Raw: 0d 0a 5b 73 74 72 69 6e 67 73 5d
Data Ascii: [strings]


Session ID | Source IP | Source Port | Destination IP | Destination Port
30 | 192.168.2.5 | 49767 | 165.227.176.158 | 443
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:34:09 UTC | 383 | OUT | GET /rightbackup/notifier/notifier_rb.asp?utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=&productid=10929&macid=4904161585493398696 HTTP/1.1
Content-Type: application/json
Host: activate123.com
Connection: Close
2024-04-18 23:34:09 UTC | 283 | IN | HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 18 Apr 2024 23:34:09 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 86
Connection: close
X-Powered-By: Express
Location: http://offers.systweak.com/win/rb_nags/offerhtm/Notifier_rb.json
Vary: Accept
2024-04-18 23:34:09 UTC | 86 | IN | Data Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 6f 66 66 65 72 73 2e 73 79 73 74 77 65 61 6b 2e 63 6f 6d 2f 77 69 6e 2f 72 62 5f 6e 61 67 73 2f 6f 66 66 65 72 68 74 6d 2f 4e 6f 74 69 66 69 65 72 5f 72 62 2e 6a 73 6f 6e
Data Ascii: Found. Redirecting to http://offers.systweak.com/win/rb_nags/offerhtm/Notifier_rb.json


Session ID | Source IP | Source Port | Destination IP | Destination Port
31 | 192.168.2.5 | 49771 | 165.227.176.158 | 443
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:34:18 UTC | 403 | OUT | GET /rightbackup/notifier/update.asp?utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=&productid=10929&macid=4904161585493398696 HTTP/1.1
Host: activate123.com
Cache-Control: no-store,no-cache
Pragma: no-cache
Connection: Keep-Alive
2024-04-18 23:34:18 UTC | 230 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 18 Apr 2024 23:34:18 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 11
Connection: close
X-Powered-By: Express
ETag: W/"b-qPm4i+t9q7Kd+kyPbGGXQ1sRj0Y"
2024-04-18 23:34:18 UTC | 11 | IN | Data Raw: 0d 0a 5b 73 74 72 69 6e 67 73 5d
Data Ascii: [strings]


Session ID | Source IP | Source Port | Destination IP | Destination Port
32 | 192.168.2.5 | 49774 | 165.227.176.158 | 443
Timestamp | Bytes transferred | Direction | Data
2024-04-18 23:34:23 UTC | 383 | OUT | GET /rightbackup/notifier/notifier_rb.asp?utm_source=securiteinfo.com.program.unwanted.5412.9308.3353&utm_medium=newbuild&utm_campaign=securiteinfo.com.program.unwanted.5412.9308.3353&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=&productid=10929&macid=4904161585493398696 HTTP/1.1
Content-Type: application/json
Host: activate123.com
Connection: Close
2024-04-18 23:34:23 UTC | 283 | IN | HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 18 Apr 2024 23:34:23 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 86
Connection: close
X-Powered-By: Express
Location: http://offers.systweak.com/win/rb_nags/offerhtm/Notifier_rb.json
Vary: Accept
2024-04-18 23:34:23 UTC | 86 | IN | Data Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 6f 66 66 65 72 73 2e 73 79 73 74 77 65 61 6b 2e 63 6f 6d 2f 77 69 6e 2f 72 62 5f 6e 61 67 73 2f 6f 66 66 65 72 68 74 6d 2f 4e 6f 74 69 66 69 65 72 5f 72 62 2e 6a 73 6f 6e
Data Ascii: Found. Redirecting to http://offers.systweak.com/win/rb_nags/offerhtm/Notifier_rb.json



                                                                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                                                                          Start time:01:32:55
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                                          File size:14'973'712 bytes
                                                                                                                                                                                                                                                                          MD5 hash:630EAF6B2CD6A3D86A3575F746A660EA
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                                                                                                          Start time:01:32:56
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\is-FD3PS.tmp\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.tmp" /SL5="$10474,14009033,878592,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.9308.3353.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                                          File size:3'238'784 bytes
                                                                                                                                                                                                                                                                          MD5 hash:C587F58BA1C48D1EF273A4B9F9E1CEAC
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000002.00000003.2475382796.0000000007630000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                                                          • Detection: 4%, ReversingLabs
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                                                                                          Start time:01:32:57
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x3d0000
                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:4
                                                                                                                                                                                                                                                                          Start time:01:32:57
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                                                                                                          Start time:01:32:57
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x3d0000
                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:6
                                                                                                                                                                                                                                                                          Start time:01:32:57
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:7
                                                                                                                                                                                                                                                                          Start time:01:32:58
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x3d0000
                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:8
                                                                                                                                                                                                                                                                          Start time:01:32:58
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:9
                                                                                                                                                                                                                                                                          Start time:01:32:58
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x3d0000
                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:10
                                                                                                                                                                                                                                                                          Start time:01:32:58
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:11
                                                                                                                                                                                                                                                                          Start time:01:33:01
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x3d0000
                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:12
                                                                                                                                                                                                                                                                          Start time:01:33:01
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:13
                                                                                                                                                                                                                                                                          Start time:01:33:01
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x3d0000
                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:14
                                                                                                                                                                                                                                                                          Start time:01:33:01
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:15
                                                                                                                                                                                                                                                                          Start time:01:33:01
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\System32\taskkill.exe" /f /im "RBNotifier.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x3d0000
                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                                                                                                          Has exited:true

Target ID:16
Start time:01:33:01
Start date:19/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:18
Start time:01:33:14
Start date:19/04/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"
Imagebase:0x3d0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:01:33:14
Start date:19/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:01:33:15
Start date:19/04/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe"
Imagebase:0x3d0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:01:33:15
Start date:19/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:01:33:15
Start date:19/04/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"
Imagebase:0x3d0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:01:33:15
Start date:19/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:01:33:15
Start date:19/04/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe"
Imagebase:0x3d0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:01:33:15
Start date:19/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:01:33:15
Start date:19/04/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"
Imagebase:0x3d0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:01:33:15
Start date:19/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:01:33:15
Start date:19/04/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe"
Imagebase:0x3d0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:01:33:15
Start date:19/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:01:33:16
Start date:19/04/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\taskkill.exe" /f /im "RBNotifier.exe"
Imagebase:0x3d0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:01:33:16
Start date:19/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:32
Start time:01:33:16
Start date:19/04/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\taskkill.exe" /f /im "RightBackup.exe"
Imagebase:0x3d0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:33
Start time:01:33:16
Start date:19/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                                          Target ID:34
                                                                                                                                                                                                                                                                          Start time:01:33:16
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\System32\taskkill.exe" /f /im "RBClientService.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x3d0000
                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:35
                                                                                                                                                                                                                                                                          Start time:01:33:16
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:36
                                                                                                                                                                                                                                                                          Start time:01:33:16
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\System32\taskkill.exe" /f /im "RBNotifier.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x3d0000
                                                                                                                                                                                                                                                                          File size:74'240 bytes
                                                                                                                                                                                                                                                                          MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:37
                                                                                                                                                                                                                                                                          Start time:01:33:16
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:39
                                                                                                                                                                                                                                                                          Start time:01:33:21
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\System32\schtasks.exe" /delete /tn "NotifierRight Backup" /f
                                                                                                                                                                                                                                                                          Imagebase:0x380000
                                                                                                                                                                                                                                                                          File size:187'904 bytes
                                                                                                                                                                                                                                                                          MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:40
                                                                                                                                                                                                                                                                          Start time:01:33:21
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\System32\schtasks.exe" /delete /tn "NotifierRight Backup_startup" /f
                                                                                                                                                                                                                                                                          Imagebase:0x380000
                                                                                                                                                                                                                                                                          File size:187'904 bytes
                                                                                                                                                                                                                                                                          MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:41
                                                                                                                                                                                                                                                                          Start time:01:33:21
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:42
                                                                                                                                                                                                                                                                          Start time:01:33:21
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:43
Start time:01:33:21
Start date:19/04/2024
Path:C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\schtasks.exe" /delete /tn "Right BackupNotifier" /f
Imagebase:0x380000
File size:187'904 bytes
MD5 hash:48C2FE20575769DE916F48EF0676A965
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:44
Start time:01:33:21
Start date:19/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:45
Start time:01:33:21
Start date:19/04/2024
Path:C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\schtasks.exe" /delete /tn "Right BackupNotifier_startup" /f
Imagebase:0x380000
File size:187'904 bytes
MD5 hash:48C2FE20575769DE916F48EF0676A965
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:46
Start time:01:33:21
Start date:19/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:47
Start time:01:33:21
Start date:19/04/2024
Path:C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\schtasks.exe" /delete /tn "Right BackupNotifier_trigger" /f
Imagebase:0x380000
File size:187'904 bytes
MD5 hash:48C2FE20575769DE916F48EF0676A965
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:48
Start time:01:33:21
Start date:19/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:49
Start time:01:33:21
Start date:19/04/2024
Path:C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\schtasks.exe" /delete /tn "NotifierRight Backup_WD" /f
Imagebase:0x380000
File size:187'904 bytes
MD5 hash:48C2FE20575769DE916F48EF0676A965
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:50
Start time:01:33:21
Start date:19/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:51
Start time:01:33:21
Start date:19/04/2024
Path:C:\Program Files (x86)\Right Backup\RightBackup.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Right Backup\RightBackup.exe" loadvalues
Imagebase:0xd90000
File size:6'809'984 bytes
MD5 hash:0E1DC3C18FD7BE48BDC6664E40705E1C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000033.00000000.2282852815.0000000000D92000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
Has exited:true

Target ID:52
Start time:01:33:24
Start date:19/04/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:0x7ff7e52b0000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:53
Start time:01:33:29
Start date:19/04/2024
Path:C:\Program Files (x86)\Right Backup\RightBackup.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Right Backup\RightBackup.exe" install
Imagebase:0xb70000
File size:6'809'984 bytes
MD5 hash:0E1DC3C18FD7BE48BDC6664E40705E1C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:54
Start time:01:33:30
Start date:19/04/2024
Path:C:\Program Files (x86)\Right Backup\RBClientService.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Right Backup\RBClientService.exe"
Imagebase:0x10000
File size:471'936 bytes
MD5 hash:E3EDEEE8F3B5C66ED697C231F0DDB056
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000036.00000000.2372039696.0000000000012000.00000002.00000001.01000000.00000014.sdmp, Author: Joe Security
Has exited:false

Target ID:55
Start time:01:33:41
Start date:19/04/2024
Path:C:\Program Files (x86)\Right Backup\RightBackup.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Right Backup\RightBackup.exe" firstinstall -autoscanafterinstall -fireurlsilently
Imagebase:0xb50000
File size:6'809'984 bytes
MD5 hash:0E1DC3C18FD7BE48BDC6664E40705E1C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:56
Start time:01:33:41
Start date:19/04/2024
Path:C:\Program Files (x86)\Right Backup\RBNotifier.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Right Backup\RBNotifier.exe" createschedule -fireurlsilently
Imagebase:0xe0000
File size:316'288 bytes
MD5 hash:9224B0817D3684EAE9E20804F29D3DED
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000038.00000000.2474621787.00000000000E2000.00000002.00000001.01000000.00000015.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000038.00000002.2706199675.0000000004AA2000.00000002.00000001.01000000.00000016.sdmp, Author: Joe Security
Has exited:true

Target ID:58
Start time:01:33:46
Start date:19/04/2024
Path:C:\Program Files (x86)\Right Backup\RightBackup.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Right Backup\RightBackup.exe" loadvalues
Imagebase:0x600000
File size:6'809'984 bytes
MD5 hash:0E1DC3C18FD7BE48BDC6664E40705E1C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:60
Start time:01:33:55
Start date:19/04/2024
Path:C:\Program Files (x86)\Right Backup\RightBackup.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Right Backup\RightBackup.exe" autolaunch
Imagebase:0xbb0000
File size:6'809'984 bytes
MD5 hash:0E1DC3C18FD7BE48BDC6664E40705E1C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                                          Target ID:61
                                                                                                                                                                                                                                                                          Start time:01:33:57
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Right Backup\RBNotifier.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Right Backup\RBNotifier.exe" neweventtrigger
                                                                                                                                                                                                                                                                          Imagebase:0x930000
                                                                                                                                                                                                                                                                          File size:316'288 bytes
                                                                                                                                                                                                                                                                          MD5 hash:9224B0817D3684EAE9E20804F29D3DED
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:62
                                                                                                                                                                                                                                                                          Start time:01:33:57
                                                                                                                                                                                                                                                                          Start date:19/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Right Backup\RBNotifier.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Right Backup\RBNotifier.exe" startup
                                                                                                                                                                                                                                                                          Imagebase:0xc20000
                                                                                                                                                                                                                                                                          File size:316'288 bytes
                                                                                                                                                                                                                                                                          MD5 hash:9224B0817D3684EAE9E20804F29D3DED
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true


                                                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                                                            Execution Coverage:1%
                                                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                                                                                                                            Total number of Nodes:40
                                                                                                                                                                                                                                                                            Total number of Limit Nodes:3

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                            control_flow_graph 252 1c50c63-1c50c65 253 1c50c67-1c50c69 252->253 254 1c50c32-1c50c35 252->254 255 1c50c36-1c50c5b 253->255 256 1c50c6b-1c50c8a 253->256 254->255 258 1c50c95-1c50f31 256->258
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2310118563.0000000001C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01C50000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_1c50000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: 4']q$4']q
                                                                                                                                                                                                                                                                            • API String ID: 0-3120983240
                                                                                                                                                                                                                                                                            • Opcode ID: a5272adf68214e343c4dbad1f3b00410a43528f840136727f7f941be56361233
                                                                                                                                                                                                                                                                            • Instruction ID: 43d2cc726199d8ee95d1755079b79796b7a94f46480737a6fa1d73d0cc5a5fb4
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a5272adf68214e343c4dbad1f3b00410a43528f840136727f7f941be56361233
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B815C70A002069FD709DF7AE95069A7BE3FF98304B14D279D0059B269FF389806CB51
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                            control_flow_graph 296 1c50c70-1c50c8a 297 1c50c95-1c50f31 296->297
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2310118563.0000000001C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01C50000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_1c50000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: 4']q$4']q
                                                                                                                                                                                                                                                                            • API String ID: 0-3120983240
                                                                                                                                                                                                                                                                            • Opcode ID: b8c36dd45a875f4b12ebec4ccf3a00757ec7f9337d700f592e97d9ec034bd2e1
                                                                                                                                                                                                                                                                            • Instruction ID: e9ad7efa27fc020f814a29241bfdeb0d80db8d1f0cf9a72f267dcf1396d31656
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b8c36dd45a875f4b12ebec4ccf3a00757ec7f9337d700f592e97d9ec034bd2e1
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EE710A70A002069FD70DDF6AE95069A7BE7FF98304F15D679C0059B269FF399805CB50
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                            control_flow_graph 333 1c5c338-1c5c352 334 1c5c35d-1c5c5f9 333->334
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2310118563.0000000001C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01C50000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_1c50000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: 4']q$4']q
                                                                                                                                                                                                                                                                            • API String ID: 0-3120983240
                                                                                                                                                                                                                                                                            • Opcode ID: 290e6559eceb3078eacdd66c0ca47601293ebb2881268ded2769c3cac799874b
                                                                                                                                                                                                                                                                            • Instruction ID: e16092460fc9f687b75c27f345e7f4d7d2e9e2d6d2ba4a7d5f9b3d50880fff4c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 290e6559eceb3078eacdd66c0ca47601293ebb2881268ded2769c3cac799874b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 67716C70A402059FDB0CDF7AEA9079A7BE3FFD8300F04D669D1069B224EB795805CB91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2330860074.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_56b0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: d7fb90467b2af55971939c9a49cdde753d9c34d05e7abc72254b7240ddeab2b9
                                                                                                                                                                                                                                                                            • Instruction ID: 808232272850d799868817b0c0d743b97c3885a71b5375fefb7199e459310b20
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d7fb90467b2af55971939c9a49cdde753d9c34d05e7abc72254b7240ddeab2b9
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 56615D303046058BEB19EA35E54877D3EA7FFC6351F4A4929E0069B265DFB8AC8AC740
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            control_flow_graph 406 1c58698-1c586f7 408 1c586f9-1c5871e 406->408 409 1c5874b-1c58797 LoadLibraryA 406->409 408->409 414 1c58720-1c58722 408->414 412 1c587a0-1c587d1 409->412 413 1c58799-1c5879f 409->413 421 1c587e1 412->421 422 1c587d3-1c587d7 412->422 413->412 415 1c58745-1c58748 414->415 416 1c58724-1c5872e 414->416 415->409 418 1c58730 416->418 419 1c58732-1c58741 416->419 418->419 419->419 423 1c58743 419->423 422->421 424 1c587d9-1c587dc call 1c5019c 422->424 423->415 424->421
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2310118563.0000000001C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01C50000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_1c50000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                                                                                                                                            • Opcode ID: 4ce995058983e70d0b79026aa915c2e77a5c59eeaea7172845b4e2bbe22ed4af
                                                                                                                                                                                                                                                                            • Instruction ID: 928a10b4abab5f770e5c658eae335cd8fcc82c2d85475a6bdec2eaf55ea4c239
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4ce995058983e70d0b79026aa915c2e77a5c59eeaea7172845b4e2bbe22ed4af
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AB4147B0D00649CFDB50DFAAC885B9EBBF1EB48750F148129E815EB290D778A885CF95
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            control_flow_graph 426 56b5d6c-56bb9bc 428 56bb9be-56bb9c4 426->428 429 56bb9c7-56bb9cb 426->429 428->429 430 56bb9cd-56bb9d0 429->430 431 56bb9d3-56bb9d9 429->431 430->431 432 56bb9db-56bb9e4 431->432 433 56bb9e7-56bb9ed 431->433 432->433 434 56bb9fb-56bba2b WritePrivateProfileStringW 433->434 435 56bb9ef-56bb9f8 433->435 436 56bba2d-56bba35 434->436 437 56bba36-56bba4a 434->437 435->434 436->437
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • WritePrivateProfileStringW.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,056BB944,?,?), ref: 056BBA1E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2330860074.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_56b0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: PrivateProfileStringWrite
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 390214022-0
                                                                                                                                                                                                                                                                            • Opcode ID: aeb1d8e1c4c57da02c2b76f3665920707cca9cbb26d33ae6dcf255d9a74271c6
                                                                                                                                                                                                                                                                            • Instruction ID: 5c2a3400bfa0610dc36124e4bd67f49efb57a3bf716c25806d1920da2fa6129a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aeb1d8e1c4c57da02c2b76f3665920707cca9cbb26d33ae6dcf255d9a74271c6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2631D3B5D04209DFDB14DF9AD484AEEBBF4FB48314F10842AE859A7710D374A985CFA0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            control_flow_graph 439 1c58980-1c58a01 VirtualProtect 442 1c58a03-1c58a09 439->442 443 1c58a0a-1c58a2f 439->443 442->443
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • VirtualProtect.KERNEL32(?,?,?,?), ref: 01C589F4
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2310118563.0000000001C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01C50000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_1c50000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 544645111-0
                                                                                                                                                                                                                                                                            • Opcode ID: cf481887c7ccdb55c85c4e9069dffc9ef2cb4d958db71621acbb8d833b46ad0b
                                                                                                                                                                                                                                                                            • Instruction ID: 8dd5478c22510048b2302f12aca1ceaaa5311b4a691c6dfaf13faf684e6eaa8c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cf481887c7ccdb55c85c4e9069dffc9ef2cb4d958db71621acbb8d833b46ad0b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2011F4B1D002499FDB10DFAAC484AAEFBF5FF48320F10842AD519A7250C779A944CFA5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            control_flow_graph 567 1c595a0-1c59618 VirtualAlloc 570 1c59621-1c59646 567->570 571 1c5961a-1c59620 567->571 571->570
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(?,?,?,?), ref: 01C5960B
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2310118563.0000000001C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 01C50000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_1c50000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                            • Opcode ID: 43373a8caf4342dddd7ba141f508d6053050ab04af596762aec410d79dfbba16
                                                                                                                                                                                                                                                                            • Instruction ID: 0b800c5ca2fc206ff12b4aa17ed2da78ed7be50c5154e406396f1d3baaa9f236
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 43373a8caf4342dddd7ba141f508d6053050ab04af596762aec410d79dfbba16
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F11126B58002098BCB10DFAAC844AEEFBF5EF88324F108819D519A7250CB79A544CBA5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2309840564.0000000001C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 01C0D000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_1c0d000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 8d682460b007d08eb02639fb7eeadaf4bc85b3c668f3e2b7e1877226a1d9d2d1
                                                                                                                                                                                                                                                                            • Instruction ID: bbf0e2d59008b855d77eced0e62abe9fee6e639c2eb85817f3115dda71e3efca
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8d682460b007d08eb02639fb7eeadaf4bc85b3c668f3e2b7e1877226a1d9d2d1
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 73212571104244DFDF06DFD8D980F36BF65FB88324F208569E90A0B296C73AD506CBA2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2309840564.0000000001C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 01C0D000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_1c0d000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2309840564.0000000001C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 01C0D000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_1c0d000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2309840564.0000000001C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 01C0D000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_1c0d000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ___getlocaleinfo
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1937885557-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _memsetsqlite3_initialize.
                                                                                                                                                                                                                                                                            • String ID: 0$VUUU
                                                                                                                                                                                                                                                                            • API String ID: 3439443177-3643121541
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,000000FF,00000001,00000000,?,?,?,?,?,06A903C4,?,?,?,?), ref: 06A8FD65
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(100A572C,?,?,?,?,?,?,?,?,?,?,06A903C4,?,?,?,?), ref: 06A8FD76
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?,?,?,?,?,06A903C4,?,?,?,?,?,?,?,?), ref: 06A8FDA2
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,06A903C4,?,?,?,?), ref: 06A8FDB9
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,06A903C4,?,?,?,?,?,?,?,?), ref: 06A8FDFE
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8A360: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,00000000,?,?,?,?), ref: 06A8A3B5
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A8FFEB
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?), ref: 06A90198
                                                                                                                                                                                                                                                                            • sqlite3_finalize.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,06A903C4,?,?,?,?), ref: 06A901D2
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,06A903C4,?,?,?,?), ref: 06A901E1
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,06A903C4,?,?,?,?), ref: 06A901F1
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$sqlite3_step.$_memsetsqlite3_bind_int64.sqlite3_finalize.sqlite3_initialize.sqlite3_reset.
                                                                                                                                                                                                                                                                            • String ID: ,
                                                                                                                                                                                                                                                                            • API String ID: 2451909139-3772416878
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: ($)$6$7$7$?$@$F$F$m$m$z${${
                                                                                                                                                                                                                                                                            • API String ID: 0-2503807123
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,000000FF,00000001,00000000), ref: 06A8B2CD
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(100A5730), ref: 06A8B2DE
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?), ref: 06A8B303
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?), ref: 06A8B314
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A8B329
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8A360: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,00000000,?,?,?,?), ref: 06A8A3B5
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?), ref: 06A8B3A9
                                                                                                                                                                                                                                                                            • sqlite3_column_int64.SYSTEM.DATA.SQLITE(?,00000000), ref: 06A8B3C5
                                                                                                                                                                                                                                                                            • sqlite3_column_int64.SYSTEM.DATA.SQLITE(?,00000001,?,00000000), ref: 06A8B3D5
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?,00000001,?,00000000), ref: 06A8B3E3
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_step.$sqlite3_column_int64.sqlite3_free.$sqlite3_bind_int64.sqlite3_initialize.sqlite3_reset.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2456705948-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,000000FF,00000001,00000000), ref: 06A8B19D
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(100A5728), ref: 06A8B1AE
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?), ref: 06A8B1D7
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000002,?), ref: 06A8B1EC
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000003,?,?), ref: 06A8B203
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000004,?,?), ref: 06A8B21A
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000005,?,?), ref: 06A8B231
                                                                                                                                                                                                                                                                            • sqlite3_bind_blob.SYSTEM.DATA.SQLITE(?,00000006,?,?,00000000), ref: 06A8B249
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A8B264
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8A360: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,00000000,?,?,?,?), ref: 06A8A3B5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_bind_int64.$sqlite3_free.$sqlite3_bind_blob.sqlite3_initialize.sqlite3_reset.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 163238251-0
                                                                                                                                                                                                                                                                            Uniqueness

Uniqueness Score: -1.00%

APIs
• _memset.LIBCMT ref: 06A72E64
• _memset.LIBCMT ref: 06A733AD
• sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,?,00000000,?,?), ref: 06A735E9
• sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,00000000,?,?), ref: 06A7364B
Strings
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Similarity
• API ID: _memsetsqlite3_free.
• String ID: s
• API String ID: 798214537-453955339
Uniqueness

Uniqueness Score: -1.00%

APIs
• sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,000000FF,00000001,00000000), ref: 06A8B02D
• sqlite3_free.SYSTEM.DATA.SQLITE(100A5724), ref: 06A8B03E
• sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?), ref: 06A8B063
• sqlite3_step.SYSTEM.DATA.SQLITE(?), ref: 06A8B074
• sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A8B089
  • Part of subcall function 06A8A360: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,00000000,?,?,?,?), ref: 06A8A3B5
• sqlite3_step.SYSTEM.DATA.SQLITE(?), ref: 06A8B109
• sqlite3_column_int.SYSTEM.DATA.SQLITE(?,00000000), ref: 06A8B125
• sqlite3_step.SYSTEM.DATA.SQLITE(?,?,00000000), ref: 06A8B130
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Similarity
• API ID: sqlite3_step.$sqlite3_free.$sqlite3_bind_int64.sqlite3_column_int.sqlite3_initialize.sqlite3_reset.
• String ID:
• API String ID: 830197832-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,000000FF,00000001,00000000,?,?,?,?,?,?,?,?,00000000,?,?), ref: 06A90E2B
• sqlite3_free.SYSTEM.DATA.SQLITE(100A5718,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 06A90E3C
• sqlite3_bind_int64.SYSTEM.DATA.SQLITE(00000000,00000001,?,?,?,?,?,?,?,?,00000000,?,?,?,00000000,?), ref: 06A90E61
• sqlite3_step.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,00000000), ref: 06A90E72
• sqlite3_reset.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,00000000,?), ref: 06A90E8D
  • Part of subcall function 06A8A360: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,00000000,?,?,?,?), ref: 06A8A3B5
• sqlite3_column_bytes.SYSTEM.DATA.SQLITE(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 06A90EB9
• sqlite3_column_blob.SYSTEM.DATA.SQLITE(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 06A90EC3
• sqlite3_step.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 06A90ED9
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Similarity
• API ID: sqlite3_free.sqlite3_step.$sqlite3_bind_int64.sqlite3_column_blob.sqlite3_column_bytes.sqlite3_initialize.sqlite3_reset.
• String ID:
• API String ID: 267462727-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Similarity
• API ID: _memset
• String ID: 8
• API String ID: 2102423945-4194326291
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 06A957C0: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,?), ref: 06A957FB
• sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?,?), ref: 06A9945F
• sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A9947A
  • Part of subcall function 06A98080: sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?,?,?,?,?,06A98322,?,?), ref: 06A980E8
  • Part of subcall function 06A98080: sqlite3_step.SYSTEM.DATA.SQLITE(?,?,00000001,?,?,?,?,?,06A98322,?,?), ref: 06A980F4
  • Part of subcall function 06A98080: sqlite3_reset.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,06A98322,?,?), ref: 06A98103
  • Part of subcall function 06A98080: sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,06A98322,?,?), ref: 06A98120
                                                                                                                                                                                                                                                                              • Part of subcall function 06A98080: sqlite3_step.SYSTEM.DATA.SQLITE(?,?,00000001,?,?,?,?,?,?,?,?,?,?,?,06A98322,?), ref: 06A9812C
                                                                                                                                                                                                                                                                              • Part of subcall function 06A98080: sqlite3_reset.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,06A98322), ref: 06A9813B
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?,00000001,?,?), ref: 06A9946B
                                                                                                                                                                                                                                                                              • Part of subcall function 06A4CD10: sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A4CD77
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A99521
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?), ref: 06A99698
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A996AC
                                                                                                                                                                                                                                                                              • Part of subcall function 06A964B0: sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?,?), ref: 06A964D5
                                                                                                                                                                                                                                                                              • Part of subcall function 06A964B0: sqlite3_step.SYSTEM.DATA.SQLITE(?,?,00000001,?,?), ref: 06A964E1
                                                                                                                                                                                                                                                                              • Part of subcall function 06A964B0: sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A9657B
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A996D0
                                                                                                                                                                                                                                                                              • Part of subcall function 06A95B10: sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A95B65
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_reset.$sqlite3_step.$sqlite3_bind_int64.$sqlite3_free.$sqlite3_initialize.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 192294807-0
                                                                                                                                                                                                                                                                            • Opcode ID: f9a5c3178f31e954bf62dadfe3f75aa69460d19d147a247185b5e0ccc16e4831
                                                                                                                                                                                                                                                                            • Instruction ID: f0804baf174443d8352cd67c4bc04d8b3e00dcdc696e7991b26a0acb0af28f5d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f9a5c3178f31e954bf62dadfe3f75aa69460d19d147a247185b5e0ccc16e4831
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 49D1B4B1A04301ABDB94FF68DDC0A6BB7E4BF84204F19492CE95987301E775E954CBB2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _memset
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2102423945-0
                                                                                                                                                                                                                                                                            • Opcode ID: 509b6561e2c16a8e17b53f258b198d29de4844aeb689256bee7b175e8f788d7f
                                                                                                                                                                                                                                                                            • Instruction ID: d13255090b6b9dc3239b6aac8058d9dbdf27d8c36364db16d8088d61b8e8357b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 509b6561e2c16a8e17b53f258b198d29de4844aeb689256bee7b175e8f788d7f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A1438E70A083419FDBA0FF25CD80B2A77E1AF84314F15896DF96A9F282D771E905CB91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A8FA44
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,06A91018,?,?,?,?,?,?,?,?), ref: 06A8FA6F
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?,?,?,?,?,?,?,?,?,?,06A91018,?,?,?), ref: 06A8FAE3
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000002,?,?,?,?,?,?,?,?,?,?,?,?), ref: 06A8FAFA
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 06A8FB07
                                                                                                                                                                                                                                                                            • sqlite3_column_bytes.SYSTEM.DATA.SQLITE(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 06A8FB31
                                                                                                                                                                                                                                                                            • sqlite3_column_blob.SYSTEM.DATA.SQLITE(?,00000000,?,00000000), ref: 06A8FB41
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_bind_int64.$_memsetsqlite3_column_blob.sqlite3_column_bytes.sqlite3_initialize.sqlite3_step.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2509142694-0
                                                                                                                                                                                                                                                                            • Opcode ID: d6d3d9a214f449d69a8bd79d82e310aed657ed9ba08aafdf6b4b8692f1e361f1
                                                                                                                                                                                                                                                                            • Instruction ID: 2dba28fe0b9781ba5ce4eaaf4f5e90661fb7aa3b8ab3afd25bf34d5aa68d4721
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d6d3d9a214f449d69a8bd79d82e310aed657ed9ba08aafdf6b4b8692f1e361f1
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B317CB1A10606AFD790FB24DD81A66B3A8FB48264F004625ED28D7A41F731E924C7E1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A8DBF1
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A8DBFD
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A8DC09
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?), ref: 06A8DC32
                                                                                                                                                                                                                                                                              • Part of subcall function 06A4CD10: sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A4CD77
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A8DC6E
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?,?), ref: 06A8DC92
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$sqlite3_reset.$sqlite3_bind_int64.sqlite3_step.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3871640622-0
                                                                                                                                                                                                                                                                            • Opcode ID: 16654e326c85d03c6907d1e3b4d9c5ce2f98d74b671247121e64d28696625679
                                                                                                                                                                                                                                                                            • Instruction ID: 44c0f871f2241c6259b157217c0b2807d721f0c85cad1f2991fbf3f3d9ab773c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 16654e326c85d03c6907d1e3b4d9c5ce2f98d74b671247121e64d28696625679
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9431C1B2A00B004FD7B0FF7AAD40567B3E4EB88225B004A3ED95EC7A40E676F454CB91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 06A95650: __allrem.LIBCMT ref: 06A956B4
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE(?,?), ref: 06A957FB
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,06A960C1,?,?,?,?), ref: 06A95875
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?,00000001,06A960C1,?,?,?,?), ref: 06A95881
                                                                                                                                                                                                                                                                            • sqlite3_column_blob.SYSTEM.DATA.SQLITE(?,00000000,?,?,?,?,?,?,?,?), ref: 06A95897
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,?,?), ref: 06A958B7
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?), ref: 06A958CE
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __allremsqlite3_bind_int64.sqlite3_column_blob.sqlite3_free.sqlite3_initialize.sqlite3_reset.sqlite3_step.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2410633461-0
                                                                                                                                                                                                                                                                            • Opcode ID: b89b1b1c94eaf46c2c0814c99652662bacde0a7dae1742565cbad7824e503e5e
                                                                                                                                                                                                                                                                            • Instruction ID: 1a443492ba400eda75155c97bf5108ef3edd87f99676a4ba1a702b3911608b78
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b89b1b1c94eaf46c2c0814c99652662bacde0a7dae1742565cbad7824e503e5e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E41CEB1E107119FDBA9FF69C881A23B3E4BF44210F218A2DE8158B201DB34F800CBE0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8A800: sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,000000FF,00000001,00000000,?,?), ref: 06A8A87F
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8A800: sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,?), ref: 06A8A895
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?,?,00000002,?), ref: 06A8ABBB
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?,?,?,?,00000002,?), ref: 06A8ABCC
                                                                                                                                                                                                                                                                              • Part of subcall function 06A4CD10: sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A4CD77
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE(?,?,?,?,?,00000002,?), ref: 06A8ABE4
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,00000002,?), ref: 06A8AC5D
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8A310: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,?,?,06A8AC49,?,?,?,?,?,?,?,?,00000002,?), ref: 06A8A323
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,00000002,?), ref: 06A8AC93
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,00000002,?), ref: 06A8ACA5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$sqlite3_initialize.sqlite3_step.$sqlite3_bind_int64.sqlite3_reset.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1557924352-0
                                                                                                                                                                                                                                                                            • Opcode ID: 0f576da40f961f77df10a2cf1cbd5e4ebe8ef7ed32c1f3f40e7181b394bf71d9
                                                                                                                                                                                                                                                                            • Instruction ID: 982e6aba40170541012ee80cd665e4b22b4fbff5c5aae5504b21adb2f6968be4
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f576da40f961f77df10a2cf1cbd5e4ebe8ef7ed32c1f3f40e7181b394bf71d9
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5C31A7F5A043045FD7D0FF649D8052B7394AFC5214F16091AF9668B302EB36E805C7E2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?,?,?,?,?,06A98322,?,?), ref: 06A980E8
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?,00000001,?,?,?,?,?,06A98322,?,?), ref: 06A980F4
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,06A98322,?,?), ref: 06A98103
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,06A98322,?,?), ref: 06A98120
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?,00000001,?,?,?,?,?,?,?,?,?,?,?,06A98322,?), ref: 06A9812C
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,06A98322), ref: 06A9813B
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_bind_int64.sqlite3_reset.sqlite3_step.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 722953337-0
                                                                                                                                                                                                                                                                            • Opcode ID: c27b6d4c75e6179665ddfb89063eeaadaa12e9afca7d2467d73233cc15baa3a6
                                                                                                                                                                                                                                                                            • Instruction ID: cff80565d0d1c55bd48bce97426ffd5d10e3e8382545f4b5ae535c4b3a1b32cb
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c27b6d4c75e6179665ddfb89063eeaadaa12e9afca7d2467d73233cc15baa3a6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 122182B1A006016FEB94FB65DD80E73F3E8EF85254F20891CE96A87201E735F81487B0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,000000FF,00000001,00000000,?,?,?,00000000,?,?), ref: 06A8AF50
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(100A571C,?,?,?,?,?,?,?,?,00000000,?,?), ref: 06A8AF61
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?,?,?,00000000,?,?), ref: 06A8AF84
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000002,?,?,?,?,?,?,?,00000000,?,?), ref: 06A8AF9D
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 06A8AFAA
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,06A8B45F,?,?,?,?,00000000,?,?), ref: 06A8AFC4
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8A360: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,00000000,?,?,?,?), ref: 06A8A3B5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_bind_int64.sqlite3_free.$sqlite3_initialize.sqlite3_reset.sqlite3_step.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4196300539-0
                                                                                                                                                                                                                                                                            • Opcode ID: 1c1299d54f05f463469d79629f01c3fcb35ce21aa171a4079baafbe18da74929
                                                                                                                                                                                                                                                                            • Instruction ID: 0d8c542a7b5f14aa202106e8bc5b348c7e6c5955ca10fff62eaeccbcb4ef8034
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c1299d54f05f463469d79629f01c3fcb35ce21aa171a4079baafbe18da74929
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A11C3F6A142006FE794BB249D81E3B73ACDF94218F060529FE16DB242F765EC0187A2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A79DE1
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,00000000,?,00000000), ref: 06A7B8DA
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,00000000), ref: 06A7B915
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,00000000), ref: 06A7B98B
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$_memset
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1929870871-0
                                                                                                                                                                                                                                                                            • Opcode ID: a65288d81a69af768aed953e37324baff9f8d97f309157f5f801ee8e654aa876
                                                                                                                                                                                                                                                                            • Instruction ID: a31949af5ffc7376d707fabfc1a231947edc88c0c89bcd9f0a476b50027d1642
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a65288d81a69af768aed953e37324baff9f8d97f309157f5f801ee8e654aa876
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A2433A70908781DFC764DF18C88096ABBF1FF85314F1989AEE59A8B312D731E945CB92
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _memset
                                                                                                                                                                                                                                                                            • String ID: @$@
                                                                                                                                                                                                                                                                            • API String ID: 2102423945-149943524
                                                                                                                                                                                                                                                                            • Opcode ID: e729c79bd8c5360688599924413cbdb6afd41765d479b63d791e5bf1888d0702
                                                                                                                                                                                                                                                                            • Instruction ID: 97b4a2c81b6474946a90658fecf6e92546c9083c689dbd558959eb36e70dbc33
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e729c79bd8c5360688599924413cbdb6afd41765d479b63d791e5bf1888d0702
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 20728D719047428FD794EF28C880B6ABBE1FF88314F158A5DE8999B351D730ED46CB92
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_finalize.SYSTEM.DATA.SQLITE(?), ref: 06A8E048
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,000000FF,00000001,00000000), ref: 06A8E105
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A8E116
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A8E13D
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,00000000), ref: 06A8E1DE
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8DBE0: sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A8DBF1
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8DBE0: sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A8DBFD
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8DBE0: sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A8DC09
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8DBE0: sqlite3_step.SYSTEM.DATA.SQLITE(?), ref: 06A8DC32
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$sqlite3_bind_int64.sqlite3_finalize.sqlite3_reset.sqlite3_step.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 859131989-0
                                                                                                                                                                                                                                                                            • Opcode ID: 15356dfb3d1d3dedf128c474a3eb5dde5609b0975ef22698f6e6995197d2e378
                                                                                                                                                                                                                                                                            • Instruction ID: 8c2bf766b878375089a3d448d2ac866294b35b58397321f473e1f790b7437425
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15356dfb3d1d3dedf128c474a3eb5dde5609b0975ef22698f6e6995197d2e378
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A51B0B5A00202AFC790FF29DD40A97B7E4FF84250F058529E928D7741EB30E960CBE1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,00000000,000000FF,00000001,00000000), ref: 06A8AA7C
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A8AA89
                                                                                                                                                                                                                                                                            • sqlite3_bind_value.SYSTEM.DATA.SQLITE(?,00000001), ref: 06A8AABC
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE ref: 06A8AB1D
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A8AB38
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8A690: sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A8A75E
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8A690: sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A8A7AE
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8A360: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,00000000,?,?,?,?), ref: 06A8A3B5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_initialize.$sqlite3_free.$sqlite3_bind_value.sqlite3_reset.sqlite3_step.
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8B280: sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,000000FF,00000001,00000000), ref: 06A8B2CD
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8B280: sqlite3_free.SYSTEM.DATA.SQLITE(100A5730), ref: 06A8B2DE
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8B280: sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?), ref: 06A8B303
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8B280: sqlite3_step.SYSTEM.DATA.SQLITE(?), ref: 06A8B314
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,000000FF,00000001,00000000,?,?,?,?,?,?,?,00000000,?,?), ref: 06A8B4A5
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(100A5734,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 06A8B4B6
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?,?,?,?,?,?,?,00000000,?,?), ref: 06A8B4D6
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 06A8B4E3
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?,?,?,?,?,00000000,?,?), ref: 06A8B4FF
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$sqlite3_bind_int64.sqlite3_step.$sqlite3_reset.
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE(?,?,?,00000000,?,06A9DC9A,00000000,00000000), ref: 06A9D8A5
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,00000000,?,06A9DC9A,00000000,00000000), ref: 06A9D8F3
                                                                                                                                                                                                                                                                            • CryptEncrypt.ADVAPI32(00000000,00000000,00000001,00000000,00000000,?,?,?,?,?,00000000,?,06A9DC9A,00000000,00000000), ref: 06A9D911
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A9D91C
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A9D940
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.sqlite3_initialize.$CryptEncrypt
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,000000FF,00000001,00000000,06A91A96,00000000), ref: 06A8AD00
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(100A570C,?,?,?,?,?,06A91A96,00000000), ref: 06A8AD11
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?,?), ref: 06A8AD34
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?), ref: 06A8AD41
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?,?,00000000,?,?,?,06A91A96,00000000), ref: 06A8AD5B
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8A360: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,00000000,?,?,?,?), ref: 06A8A3B5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$sqlite3_bind_int64.sqlite3_initialize.sqlite3_reset.sqlite3_step.
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 06AB4885
                                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 06AB489A
                                                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(100A11E8), ref: 06AB48A5
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(C0000409), ref: 06AB48C1
                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000), ref: 06AB48C8
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2579439406-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CryptAcquireContextA.ADVAPI32(100D5FC8,00000000,100A95C4,00000001,F0000000), ref: 06A9DB66
                                                                                                                                                                                                                                                                            • CryptCreateHash.ADVAPI32(100D5FC8,00008004,00000000,00000000,?), ref: 06A9DB8B
                                                                                                                                                                                                                                                                            • CryptHashData.ADVAPI32(?,?,?,00000000), ref: 06A9DB9D
                                                                                                                                                                                                                                                                            • CryptDeriveKey.ADVAPI32(100D5FC8,00006801,?,00000000,00000000,?,?,?,00000000), ref: 06A9DBBE
                                                                                                                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(00000000,?,?,?,00000000), ref: 06A9DBC8
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Crypt$Hash$AcquireContextCreateDataDeriveDestroy
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 65687594-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A76525
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,00000000), ref: 06A778EB
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 06A7792E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$_memset
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1929870871-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?,?), ref: 06A964D5
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?,00000001,?,?), ref: 06A964E1
                                                                                                                                                                                                                                                                              • Part of subcall function 06A4CD10: sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A4CD77
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A9657B
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A96592
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_reset.$sqlite3_bind_int64.sqlite3_step.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2887127254-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?,?,?,?,?,06A98297,?,?), ref: 06A9800B
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?,00000001,?,?,?,?,?,06A98297,?,?), ref: 06A98017
                                                                                                                                                                                                                                                                            • sqlite3_column_int64.SYSTEM.DATA.SQLITE(?,00000000), ref: 06A9802D
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A9804F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_bind_int64.sqlite3_column_int64.sqlite3_reset.sqlite3_step.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3997603492-0
                                                                                                                                                                                                                                                                            • Opcode ID: 7818db4332dd2911f7ca11cbec82d2f0806107eddfdf007c477599547dbac56c
                                                                                                                                                                                                                                                                            • Instruction ID: 1a4d0aba3bf1b5a9f37d23c16c1669d7fa3fd624f11d41b22358f9f79ebee368
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7818db4332dd2911f7ca11cbec82d2f0806107eddfdf007c477599547dbac56c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F40184B6B127016BDF94B7689D84E7BB398EFC5654F31493CE9198B201E626F80087B0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetSystemTime.KERNEL32(?), ref: 06A3801A
                                                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 06A38049
                                                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 06A3805E
                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 06A38076
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CountCounterCurrentPerformanceProcessQuerySystemTickTime
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4122616988-0
                                                                                                                                                                                                                                                                            • Opcode ID: 783acc3d9e845d3f130da2022a6b1a28b41c311273edda0c66fd57fa02a7d43e
                                                                                                                                                                                                                                                                            • Instruction ID: 079705cb011553956a3abb874575265c63ef4807caac1eb6d67166fcc8083c8a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 783acc3d9e845d3f130da2022a6b1a28b41c311273edda0c66fd57fa02a7d43e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E1118B5A047229FD304DF59C88845AFBE5FFC8221B50892DF89993715C739E845CBA2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?,?), ref: 06A9709C
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000002,?,?,?,00000001,?,?), ref: 06A970B2
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?,00000002,?,?,?,00000001,?,?), ref: 06A970BE
                                                                                                                                                                                                                                                                              • Part of subcall function 06A4CD10: sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A4CD77
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A970CD
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_bind_int64.sqlite3_reset.$sqlite3_step.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1154879652-0
                                                                                                                                                                                                                                                                            • Opcode ID: e47d5aaeb36ab1786f1a6ae68d7df13227087ddff2f26320ba0cd62742389034
                                                                                                                                                                                                                                                                            • Instruction ID: b19891b50067932376ff4efc2e79d6164656bbf7c0643413a3320de963be9b26
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e47d5aaeb36ab1786f1a6ae68d7df13227087ddff2f26320ba0cd62742389034
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5EF03AB56106056BD654FF64DD86EAB33ACDB88224F014608BD6E57280DA70FC1087E1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?,?), ref: 06A970FC
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000002,?,?,?,00000001,?,?), ref: 06A97112
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?,00000002,?,?,?,00000001,?,?), ref: 06A9711E
                                                                                                                                                                                                                                                                              • Part of subcall function 06A4CD10: sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A4CD77
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A9712D
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_bind_int64.sqlite3_reset.$sqlite3_step.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1154879652-0
                                                                                                                                                                                                                                                                            • Opcode ID: 2c0b2a6bdaedd430d4f2558c74635b906341da714b587714d2ca9f7076a08ad3
                                                                                                                                                                                                                                                                            • Instruction ID: 447075bc087f5748181d89591a87733f1f18de400801fd61503e98904d528607
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c0b2a6bdaedd430d4f2558c74635b906341da714b587714d2ca9f7076a08ad3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 52F03AF5610A046BD754FF64DC86DB733ACAB88324F054608BD6A57280DA70FC1087E5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Similarity
• API ID:
• String ID: c
• API String ID: 0-112844655
Uniqueness
Uniqueness Score: -1.00%

APIs
• sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A694A3
• sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A694EF
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Similarity
• API ID: sqlite3_free.
• String ID:
• API String ID: 3431659745-0
Uniqueness
Uniqueness Score: -1.00%

APIs
• sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,00000001,?,?,06A95B59), ref: 06A95A73
• sqlite3_step.SYSTEM.DATA.SQLITE(?), ref: 06A95AB9
• sqlite3_reset.SYSTEM.DATA.SQLITE ref: 06A95AC9
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Similarity
• API ID: sqlite3_bind_int64.sqlite3_reset.sqlite3_step.
• String ID:
• API String ID: 722953337-0
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Similarity
• API ID: Time__alldvrm$FileSystem
• String ID:
• API String ID: 1468359813-0
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 06A8A800: sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,000000FF,00000001,00000000,?,?), ref: 06A8A87F
  • Part of subcall function 06A8A800: sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,?), ref: 06A8A895
• sqlite3_bind_value.SYSTEM.DATA.SQLITE(?,00000001,?,?), ref: 06A8A9CB
• sqlite3_bind_value.SYSTEM.DATA.SQLITE(?,00000002,?,?,?,?,?), ref: 06A8A9EA
• sqlite3_step.SYSTEM.DATA.SQLITE(?,?,?,?,?), ref: 06A8A9FD
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Similarity
• API ID: sqlite3_bind_value.sqlite3_free.$sqlite3_step.
• String ID:
• API String ID: 2908310891-0
                                                                                                                                                                                                                                                                            • Opcode ID: f1edd5e254410cfd4ec3b0fe1e1ca5137f5701fad88a46de9575e9d93bb43369
                                                                                                                                                                                                                                                                            • Instruction ID: 44ed33dce478bc1d01ab0c2b4941511e6b02953f276f24e59daf30ba988ae4e6
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f1edd5e254410cfd4ec3b0fe1e1ca5137f5701fad88a46de9575e9d93bb43369
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C4012B72A402052FD790BE64AE82A7BB3E8ABC0500F050839FE56D7141F215E909C3E2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 06A38183
                                                                                                                                                                                                                                                                            • FormatMessageA.KERNEL32(00001000,00000000,00000000,00000000,?,?,00000000), ref: 06A381A4
                                                                                                                                                                                                                                                                            • sqlite3_snprintf.SYSTEM.DATA.SQLITE(?,?,100A5DDC,00000000,00000000), ref: 06A381B7
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFormatLastMessagesqlite3_snprintf.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2333804815-0
                                                                                                                                                                                                                                                                            • Opcode ID: c597c39c69b775980822f61fd05dc560cf40ba5423f73f9c5a8a41f7976ea0e4
                                                                                                                                                                                                                                                                            • Instruction ID: ed1640359f3b43661bbefa0f2716ed777736e895e4a48b41a55eae577455e6aa
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c597c39c69b775980822f61fd05dc560cf40ba5423f73f9c5a8a41f7976ea0e4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BDE0D8722012217BF220AA519CC9FBB3F6CEB857E1F040155F60896141D3505C0182B1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 06A3A4DA
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A3A641
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_memset
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 121741435-0
                                                                                                                                                                                                                                                                            • Opcode ID: a0984ec0336d4da18e694a59b8f1ddedb753d0be8a2306675478e56c2f69ebfb
                                                                                                                                                                                                                                                                            • Instruction ID: f8a33a6b6bbd76065b8fdd73a1a73c9c2c82e25abc050b7ae2b408b894dd0984
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a0984ec0336d4da18e694a59b8f1ddedb753d0be8a2306675478e56c2f69ebfb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE719E70604B929FD364DF39C884617FBE5BF95200F04CA2DE99687B42D734E954CBA1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CryptDestroyKey.ADVAPI32(?), ref: 06A9DEEE
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CryptDestroy
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1712904745-0
                                                                                                                                                                                                                                                                            • Opcode ID: 6c3c43f86a92444f6f26ef2b1e86410b8cdb3f5b0c56f11360066574dffd6462
                                                                                                                                                                                                                                                                            • Instruction ID: a309ec955af7cd8306475a2b4dc401c8eca587fcc31907f38a3301dcdaabc53b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6c3c43f86a92444f6f26ef2b1e86410b8cdb3f5b0c56f11360066574dffd6462
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2961AF75A047118FCB90FF28D98075AB3E1EF85264F258969ED689B341D731EC84CBA2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 06A37CE0: GetVersionExA.KERNEL32 ref: 06A37D0B
                                                                                                                                                                                                                                                                              • Part of subcall function 06A37CE0: _malloc.LIBCMT ref: 06A37D3E
                                                                                                                                                                                                                                                                              • Part of subcall function 06A376D0: GetVersionExA.KERNEL32 ref: 06A376EF
                                                                                                                                                                                                                                                                              • Part of subcall function 06A36D30: GetVersionExA.KERNEL32 ref: 06A36D4B
                                                                                                                                                                                                                                                                            • GetDiskFreeSpaceW.KERNEL32(00000000,?,?,?,?,00000104,?,?,?), ref: 06A37E95
                                                                                                                                                                                                                                                                            • GetDiskFreeSpaceA.KERNEL32(00000000,?,?,?,?,00000104,?,?,?), ref: 06A37EC1
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Version$DiskFreeSpace$_malloc
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2271560270-0
                                                                                                                                                                                                                                                                            • Opcode ID: 84e9779a44dc5fe32047f4105258783e370ca0ddb51c06c26bf8e16df40037a0
                                                                                                                                                                                                                                                                            • Instruction ID: d2536012def198ca3dab25bd91d93b2a3a4774beac8f7ed81b3f2d4ae393f314
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 84e9779a44dc5fe32047f4105258783e370ca0ddb51c06c26bf8e16df40037a0
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 302180F2904320AFE7AAFB18CC05BEB76E8AF86700F144459F5958A191E374CC44C2AA
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _memset
                                                                                                                                                                                                                                                                            • String ID: (
                                                                                                                                                                                                                                                                            • API String ID: 2102423945-3887548279
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _memset
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2102423945-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _memset
                                                                                                                                                                                                                                                                            • String ID: (
                                                                                                                                                                                                                                                                            • API String ID: 2102423945-3887548279
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8F170: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,06A8E18E,?,06A8F3C4,?,?,?,?,?,?), ref: 06A8F2A8
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE(?,?,?), ref: 06A8F469
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_initialize.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 861066756-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A4C580
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3431659745-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CryptDestroyKey.ADVAPI32(?), ref: 06A9DEEE
                                                                                                                                                                                                                                                                            • CryptDestroyKey.ADVAPI32(?), ref: 06A9DF4F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CryptDestroy
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1712904745-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CryptDecrypt.ADVAPI32(?,00000000,00000001,00000000,?,?), ref: 06A9DA47
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CryptDecrypt
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2620231605-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __allrem
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2933888876-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,?), ref: 06A9DAF4
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CryptEncrypt
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1352496322-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,?,?,?), ref: 06A9DAAC
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CryptEncrypt
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1352496322-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_bind_zeroblob.SYSTEM.DATA.SQLITE(?,?), ref: 06A4D975
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_bind_zeroblob.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1798609400-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Version
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1889659487-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,?,?,?), ref: 06A9E1F8
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_bind_int64.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3473326157-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• sqlite3_bind_double.SYSTEM.DATA.SQLITE(?,?), ref: 06A9E1C9
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Similarity
• API ID: sqlite3_bind_double.
• String ID:
• API String ID: 2765108041-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• EnumSystemLocalesA.KERNEL32(1007CA15,00000001), ref: 06AACDCF
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Similarity
• API ID: EnumLocalesSystem
• String ID:
• API String ID: 2099609381-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,?,?), ref: 06A4D7F4
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Similarity
• API ID: sqlite3_bind_int64.
• String ID:
• API String ID: 3473326157-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,?,?,?), ref: 06A4D932
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Similarity
• API ID: sqlite3_bind_int64.
• String ID:
• API String ID: 3473326157-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• sqlite3_bind_double.SYSTEM.DATA.SQLITE ref: 06A4D951
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Similarity
• API ID: sqlite3_bind_double.
• String ID:
• API String ID: 2765108041-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,?,?,?), ref: 06AB5140
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2299586839-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CryptAcquireContextA.ADVAPI32(100D5FC8,00000000,100A95C4,00000001,F0000000), ref: 06A9D882
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AcquireContextCrypt
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3951991833-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmp, Offset: 060D0000, based on PE: true
• Associated: 00000033.00000002.2332856380.00000000060D0000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000033.00000002.2336144914.0000000006332000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_60d0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmp, Offset: 060D0000, based on PE: true
• Associated: 00000033.00000002.2332856380.00000000060D0000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000033.00000002.2336144914.0000000006332000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_60d0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmp, Offset: 060D0000, based on PE: true
• Associated: 00000033.00000002.2332856380.00000000060D0000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000033.00000002.2336144914.0000000006332000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_60d0000_RightBackup.jbxd
Yara matches
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmp, Offset: 060D0000, based on PE: true
• Associated: 00000033.00000002.2332856380.00000000060D0000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000033.00000002.2336144914.0000000006332000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_60d0000_RightBackup.jbxd
Yara matches
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmp, Offset: 060D0000, based on PE: true
• Associated: 00000033.00000002.2332856380.00000000060D0000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000033.00000002.2336144914.0000000006332000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_60d0000_RightBackup.jbxd
Yara matches
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmp, Offset: 060D0000, based on PE: true
• Associated: 00000033.00000002.2332856380.00000000060D0000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000033.00000002.2336144914.0000000006332000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_60d0000_RightBackup.jbxd
Yara matches
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmp, Offset: 060D0000, based on PE: true
• Associated: 00000033.00000002.2332856380.00000000060D0000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000033.00000002.2336144914.0000000006332000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_60d0000_RightBackup.jbxd
Yara matches
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmp, Offset: 060D0000, based on PE: true
• Associated: 00000033.00000002.2332856380.00000000060D0000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000033.00000002.2336144914.0000000006332000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_60d0000_RightBackup.jbxd
Yara matches
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2332908474.00000000060D2000.00000002.00000001.01000000.0000000C.sdmp, Offset: 060D0000, based on PE: true
• Associated: 00000033.00000002.2332856380.00000000060D0000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000033.00000002.2336144914.0000000006332000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_60d0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 7ff0d3fd0511442196f994ff814f706f0739bd089c9e88b8dd1eb818d9456da4
                                                                                                                                                                                                                                                                            • Instruction ID: 13530bf19a816929a074d5c41c61e7aedc2673894b1523f5acdedda18d6948f7
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7ff0d3fd0511442196f994ff814f706f0739bd089c9e88b8dd1eb818d9456da4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14E01237709631578291BA1CFD4049F73E1FFC45607064C69F8519B649D321FC43C6A1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: d1d42519b9b1e11557ebc839d342ae41706e70ae20924887542a8974c202ab9b
                                                                                                                                                                                                                                                                            • Instruction ID: ba90a4eea8270bad008d747a150339a2da93625b71578ec56a3555bad169135b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d1d42519b9b1e11557ebc839d342ae41706e70ae20924887542a8974c202ab9b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FEE012BA7001109BC651BB5C9C8496773E8DFC92617154469F699DB200DA30E80187A1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: c1d87ccbe69addec7f5ee70be107b0a81b5e7cf1bb00a8dd35f03f72c3f13b60
                                                                                                                                                                                                                                                                            • Instruction ID: 58a331af1775e6875b043da46a56c64458187423c887778d7f624236df381658
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c1d87ccbe69addec7f5ee70be107b0a81b5e7cf1bb00a8dd35f03f72c3f13b60
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 88D0E9B96183019BC244EE44EE91F1BB3E5ABC8A04F51491CF599A3280D620ED08CB77
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 62f1a5081a79fcf579ccb9f828580bd146cb4ce99b121b4115c993b706df3b29
                                                                                                                                                                                                                                                                            • Instruction ID: 605510dcbdcb00455c3c15e9723451315e58c5f4c0382e1ebb721f92b5e23324
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 62f1a5081a79fcf579ccb9f828580bd146cb4ce99b121b4115c993b706df3b29
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DFD0E9B96183019BC644EE44EA91E5BB3E5ABC8B04F41491CF599A3280D661ED08CB73
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,00000000), ref: 06A3F5DE
                                                                                                                                                                                                                                                                            • sqlite3_mutex_enter.SYSTEM.DATA.SQLITE(00000000), ref: 06A3F626
                                                                                                                                                                                                                                                                            • sqlite3_mutex_enter.SYSTEM.DATA.SQLITE(00000000), ref: 06A3F651
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A3F706
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A3F72F
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.sqlite3_mutex_enter.$_memset
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2669045427-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_value_blob.SYSTEM.DATA.SQLITE(?), ref: 06A926AE
                                                                                                                                                                                                                                                                            • sqlite3_malloc.SYSTEM.DATA.SQLITE ref: 06A9271D
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?,00000000), ref: 06A9274C
                                                                                                                                                                                                                                                                            • sqlite3_column_int64.SYSTEM.DATA.SQLITE(?,00000000), ref: 06A92766
                                                                                                                                                                                                                                                                            • sqlite3_column_int64.SYSTEM.DATA.SQLITE(?,00000001,?,00000000), ref: 06A92776
                                                                                                                                                                                                                                                                            • sqlite3_column_blob.SYSTEM.DATA.SQLITE(?,00000002,?,00000001,?,00000000), ref: 06A92786
                                                                                                                                                                                                                                                                            • sqlite3_column_bytes.SYSTEM.DATA.SQLITE(?,00000002,?,00000002,?,00000001,?,00000000), ref: 06A92792
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8FA30: _memset.LIBCMT ref: 06A8FA44
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8FA30: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,06A91018,?,?,?,?,?,?,?,?), ref: 06A8FA6F
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?), ref: 06A927D8
                                                                                                                                                                                                                                                                              • Part of subcall function 06A4CD10: sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A4CD77
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A92838
                                                                                                                                                                                                                                                                            • sqlite3_errmsg.SYSTEM.DATA.SQLITE(?), ref: 06A92894
                                                                                                                                                                                                                                                                            • sqlite3_snprintf.SYSTEM.DATA.SQLITE(00000200,?,100A9010,00000000), ref: 06A928AF
                                                                                                                                                                                                                                                                            • sqlite3_result_text.SYSTEM.DATA.SQLITE(?,100A9000,000000FF,00000000), ref: 06A9291E
                                                                                                                                                                                                                                                                            • sqlite3_result_text.SYSTEM.DATA.SQLITE(?,100A8FE8,000000FF,00000000), ref: 06A9293A
                                                                                                                                                                                                                                                                              • Part of subcall function 06A4C880: sqlite3_result_error_toobig.SYSTEM.DATA.SQLITE(?), ref: 06A4C8A7
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_column_int64.sqlite3_result_text.sqlite3_step.$_memsetsqlite3_column_blob.sqlite3_column_bytes.sqlite3_errmsg.sqlite3_free.sqlite3_initialize.sqlite3_malloc.sqlite3_reset.sqlite3_result_error_toobig.sqlite3_snprintf.sqlite3_value_blob.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3941800587-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A5DCC,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 06A99ACF
                                                                                                                                                                                                                                                                              • Part of subcall function 06A99990: sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A948C,?,00000000,?,06A99AFA,?,?,?,?,?,?,?,?,?,?,?), ref: 06A999A0
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A99B32
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A99B62
                                                                                                                                                                                                                                                                            • sqlite3_errmsg.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?), ref: 06A99C0B
                                                                                                                                                                                                                                                                            • sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A5DCC,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?), ref: 06A99C16
                                                                                                                                                                                                                                                                            • sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A9514,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?), ref: 06A99C32
                                                                                                                                                                                                                                                                            • sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A9528,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 06A99C5A
                                                                                                                                                                                                                                                                              • Part of subcall function 06A352C0: sqlite3_vmprintf.SYSTEM.DATA.SQLITE(?,?), ref: 06A352D6
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,100A9528,00000000,00000000), ref: 06A99C66
                                                                                                                                                                                                                                                                            • sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A9530,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 06A99C81
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,100A9530,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 06A99C89
                                                                                                                                                                                                                                                                            • sqlite3_declare_vtab.SYSTEM.DATA.SQLITE(?,00000000), ref: 06A99C9B
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A99CB0
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_mprintf.$sqlite3_free.$_memsetsqlite3_declare_vtab.sqlite3_errmsg.sqlite3_initialize.sqlite3_vmprintf.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 843523597-0
                                                                                                                                                                                                                                                                            • Opcode ID: 4f8f3546a658dacb81886e0af19a5f7572f881dc98fb01dccef4a659777e49be
                                                                                                                                                                                                                                                                            • Instruction ID: 4943df8a05411147104395cae123179af0983683fb54fabefe011532b03c6918
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f8f3546a658dacb81886e0af19a5f7572f881dc98fb01dccef4a659777e49be
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F471B375A04700AFDB90EF68DD8096BB7F5EBC4210F684A1DF869CB201E735E905C7A1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A903A8
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8FD10: sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,000000FF,00000001,00000000,?,?,?,?,?,06A903C4,?,?,?,?), ref: 06A8FD65
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8FD10: sqlite3_free.SYSTEM.DATA.SQLITE(100A572C,?,?,?,?,?,?,?,?,?,?,06A903C4,?,?,?,?), ref: 06A8FD76
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8FD10: sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?,?,?,?,?,06A903C4,?,?,?,?,?,?,?,?), ref: 06A8FDA2
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8FD10: sqlite3_step.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,06A903C4,?,?,?,?), ref: 06A8FDB9
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8EEC0: _memset.LIBCMT ref: 06A8EEC6
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8EEC0: sqlite3_initialize.SYSTEM.DATA.SQLITE(06A9172F,00000000,?,?,00000000), ref: 06A8EEE9
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8EEC0: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,06A9172F,00000000,?,?,00000000), ref: 06A8EF11
                                                                                                                                                                                                                                                                            • sqlite3_finalize.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 06A904C5
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 06A904D4
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 06A904E4
                                                                                                                                                                                                                                                                            • sqlite3_finalize.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 06A90551
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 06A90560
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 06A90570
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 06A9059F
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 06A905B0
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A9068C
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A9069D
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$_memsetsqlite3_finalize.sqlite3_initialize.$sqlite3_bind_int64.sqlite3_step.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4190364099-0
                                                                                                                                                                                                                                                                            • Opcode ID: e158cd31cdc787c305c5048371c985a940c5cecef9481d32b9538c440a738fc9
                                                                                                                                                                                                                                                                            • Instruction ID: ab1d258337ff53a918edfb3bd3cb24e3ebd7b769afcd821a95fd82c20c4267da
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e158cd31cdc787c305c5048371c985a940c5cecef9481d32b9538c440a738fc9
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BDA1C2B2E043019FDBA0FB64DD40B6BB3E8AFC4644F15492CE999CB241E775E544CBA2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A92E86
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A92EB3
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A92ECA
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A92EF7
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A92F1F
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,06A932F6,?,?,00000000,?,00000001,00000000), ref: 06A92FEB
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,06A932F6,?,?,00000000,?,00000001), ref: 06A9301A
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,06A932F6,?,?,00000000,?,00000001), ref: 06A93044
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,06A932F6,?,?,00000000,?), ref: 06A93051
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A93094
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,?,06A932F6,?,?), ref: 06A930CA
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$sqlite3_initialize.$_memset
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4140344887-0
                                                                                                                                                                                                                                                                            • Opcode ID: 4afdee5da0137163ea79847a7cfa57ce4b63132bb530b7b8e99e44f9a4786f3f
                                                                                                                                                                                                                                                                            • Instruction ID: 7cc10e648a5564746d31e93058c8bb6f763971d65aeac0dd061aa34d9148d578
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4afdee5da0137163ea79847a7cfa57ce4b63132bb530b7b8e99e44f9a4786f3f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 03A13BB1A143019FDB54EF25D980A5BB7E4BF88314F144A2DF8959B301D734EA19CBA2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,06A5E6E7,?,?,00000000), ref: 06A638FF
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,06A5E6E7,?,?,00000000,?,?,06A47DE8), ref: 06A63916
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,?,?,?,06A5E6E7,?,?,00000000), ref: 06A6395C
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,00000000,?,?,?,?,?,?,?,?,?,06A5E6E7,?,?,00000000), ref: 06A63965
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,06A5E6E7,?), ref: 06A63993
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,?,?,?,?,?,06A5E6E7,?,?,00000000), ref: 06A639B6
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,?,?,?,?,?,06A5E6E7,?,?,00000000), ref: 06A639C7
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,00000000,?,?,?,?,?,?,?,?,?,?,?,06A5E6E7,?,?), ref: 06A639CD
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,?,?,?,?,?,06A5E6E7,?,?,00000000), ref: 06A639DA
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,06A5E6E7,?,?,00000000,?,?,06A47DE8), ref: 06A639FF
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3431659745-0
                                                                                                                                                                                                                                                                            • Opcode ID: 173437cb49e6e245802426062e8c9269361c02cbe97ad1209708bb3825e8850b
                                                                                                                                                                                                                                                                            • Instruction ID: d5822fa232ccefc783b11f3939e85024ff12e01de4e08f4f9e82b0fbfdc91bd0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 173437cb49e6e245802426062e8c9269361c02cbe97ad1209708bb3825e8850b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E3918FB0A007219BEB90EF29CDC4A5AB7E4FF08205B055529FC4A9B301D735E955CBA2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A77B1B
                                                                                                                                                                                                                                                                            • sqlite3_exec.SYSTEM.DATA.SQLITE(?,?,10047950,?,?), ref: 06A77B65
                                                                                                                                                                                                                                                                              • Part of subcall function 06A6B0B0: sqlite3_step.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,06A6EBCD,?), ref: 06A6B177
                                                                                                                                                                                                                                                                              • Part of subcall function 06A6B0B0: _memset.LIBCMT ref: 06A6B1E6
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE ref: 06A77B9B
                                                                                                                                                                                                                                                                            • sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A5DCC,?), ref: 06A77BAA
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A77BB9
                                                                                                                                                                                                                                                                            • sqlite3_realloc.SYSTEM.DATA.SQLITE(?,?), ref: 06A77C0F
                                                                                                                                                                                                                                                                            • sqlite3_free_table.SYSTEM.DATA.SQLITE(?), ref: 06A77B86
                                                                                                                                                                                                                                                                              • Part of subcall function 06A77C70: sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,00000000,?,06A77C28,?), ref: 06A77C98
                                                                                                                                                                                                                                                                              • Part of subcall function 06A77C70: sqlite3_free.SYSTEM.DATA.SQLITE(06A77C24,?,00000000,?,06A77C28,?), ref: 06A77CA6
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A77BD5
                                                                                                                                                                                                                                                                            • sqlite3_free_table.SYSTEM.DATA.SQLITE(?), ref: 06A77BE9
                                                                                                                                                                                                                                                                            • sqlite3_free_table.SYSTEM.DATA.SQLITE(?), ref: 06A77C23
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$sqlite3_free_table.$_memsetsqlite3_exec.sqlite3_initialize.sqlite3_mprintf.sqlite3_realloc.sqlite3_step.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 984186132-0
                                                                                                                                                                                                                                                                            • Opcode ID: 73fb97af640cb93af9cd5e4e520ae8241e1be99c5b014bde796c011ce501130f
                                                                                                                                                                                                                                                                            • Instruction ID: b9757d49f4d7423d3fcfe2cf1ef249ce688e474ff980669b96a63a470f6328fc
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 73fb97af640cb93af9cd5e4e520ae8241e1be99c5b014bde796c011ce501130f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 76516DB6A083449FD780EF58ED8092BB7E4EBC4614F94482DF485CB311E635E948CBA3
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8BEB0: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,?,?,?,?,06A8C54B,?,?), ref: 06A8BEFF
                                                                                                                                                                                                                                                                              • Part of subcall function 06A88680: sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A88696
                                                                                                                                                                                                                                                                              • Part of subcall function 06A88680: sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A886C5
                                                                                                                                                                                                                                                                              • Part of subcall function 06A885B0: sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A885D6
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8A360: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,00000000,?,?,?,?), ref: 06A8A3B5
                                                                                                                                                                                                                                                                            • sqlite3_exec.SYSTEM.DATA.SQLITE(?,00000000,00000000,00000000,00000000), ref: 06A8C658
                                                                                                                                                                                                                                                                              • Part of subcall function 06A6B0B0: sqlite3_step.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,06A6EBCD,?), ref: 06A6B177
                                                                                                                                                                                                                                                                              • Part of subcall function 06A6B0B0: _memset.LIBCMT ref: 06A6B1E6
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A8C663
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A8C676
                                                                                                                                                                                                                                                                            • sqlite3_exec.SYSTEM.DATA.SQLITE(?,00000000,00000000,00000000,00000000), ref: 06A8C6A4
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A8C6AF
                                                                                                                                                                                                                                                                            • sqlite3_exec.SYSTEM.DATA.SQLITE(?,00000000,00000000,00000000,00000000), ref: 06A8C6DB
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A8C6E6
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A8C713
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A8C720
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A8C72D
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$sqlite3_initialize.$sqlite3_exec.$_memsetsqlite3_step.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 495773430-0
                                                                                                                                                                                                                                                                            • Opcode ID: 60487bb5fa0698bad382edecf150a58fde4e111eca988854aa7e80a1567ac1bb
                                                                                                                                                                                                                                                                            • Instruction ID: 08cd55c743aab6fbdbcb4a0fe8da2dc848e8e8088c5db318595387f12afe9b4c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 60487bb5fa0698bad382edecf150a58fde4e111eca988854aa7e80a1567ac1bb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5541DFB1A04210AFD690FB699D85D6B73ACEF84218F054528F919A7202F735EE14C7F2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __calloc_crt.LIBCMT ref: 06AA462C
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA6937: __calloc_impl.LIBCMT ref: 06AA6948
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA6937: Sleep.KERNEL32(00000000), ref: 06AA695F
                                                                                                                                                                                                                                                                            • __calloc_crt.LIBCMT ref: 06AA4650
                                                                                                                                                                                                                                                                            • __calloc_crt.LIBCMT ref: 06AA466C
                                                                                                                                                                                                                                                                            • __copytlocinfo_nolock.LIBCMT ref: 06AA4691
                                                                                                                                                                                                                                                                            • __setlocale_nolock.LIBCMT ref: 06AA469E
                                                                                                                                                                                                                                                                            • ___removelocaleref.LIBCMT ref: 06AA46AA
                                                                                                                                                                                                                                                                            • ___freetlocinfo.LIBCMT ref: 06AA46B1
                                                                                                                                                                                                                                                                            • __setmbcp_nolock.LIBCMT ref: 06AA46C9
                                                                                                                                                                                                                                                                            • ___removelocaleref.LIBCMT ref: 06AA46DE
                                                                                                                                                                                                                                                                            • ___freetlocinfo.LIBCMT ref: 06AA46E5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __calloc_crt$___freetlocinfo___removelocaleref$Sleep__calloc_impl__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2969281212-0
                                                                                                                                                                                                                                                                            • Opcode ID: 6853374a1bde20093372e8fe8f84df69618b4a01c6c89d9758a6f6bfa1d8a038
                                                                                                                                                                                                                                                                            • Instruction ID: 21c2d92b054cf0522dd164c3283403c7c1d5dfaf7b39366670b13138037463a6
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6853374a1bde20093372e8fe8f84df69618b4a01c6c89d9758a6f6bfa1d8a038
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3821BA35504701AFEFEA7F19DE01D5AB7E4DF49750B22842FF4B49B250EFB298408A94
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_finalize.SYSTEM.DATA.SQLITE(?), ref: 06A95CE5
                                                                                                                                                                                                                                                                            • sqlite3_finalize.SYSTEM.DATA.SQLITE(?,06A9676D), ref: 06A95CF4
                                                                                                                                                                                                                                                                            • sqlite3_finalize.SYSTEM.DATA.SQLITE(?,?,06A9676D), ref: 06A95D03
                                                                                                                                                                                                                                                                            • sqlite3_finalize.SYSTEM.DATA.SQLITE(?,?,?,06A9676D), ref: 06A95D12
                                                                                                                                                                                                                                                                            • sqlite3_finalize.SYSTEM.DATA.SQLITE(?,?,?,?,06A9676D), ref: 06A95D21
                                                                                                                                                                                                                                                                            • sqlite3_finalize.SYSTEM.DATA.SQLITE(?,?,?,?,?,06A9676D), ref: 06A95D30
                                                                                                                                                                                                                                                                            • sqlite3_finalize.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,06A9676D), ref: 06A95D3F
                                                                                                                                                                                                                                                                            • sqlite3_finalize.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,06A9676D), ref: 06A95D4E
                                                                                                                                                                                                                                                                            • sqlite3_finalize.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,06A9676D), ref: 06A95D5D
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,06A9676D), ref: 06A95D66
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_finalize.$sqlite3_free.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3904888283-0
                                                                                                                                                                                                                                                                            • Opcode ID: e218de4966355d6bee79453605c8c962eb512d232402582a9c20e6105f582ff8
                                                                                                                                                                                                                                                                            • Instruction ID: d40d85c1a5ed6da11e36ca47164737fae8a2e8e9f1e2682c889c12a4468c5f9a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e218de4966355d6bee79453605c8c962eb512d232402582a9c20e6105f582ff8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C01C2F0902B0057D5E4BB34AD8DA5BF3949F8023CF194A2CE47F56241EA3BF52586D6
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A90813
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,?,?,?,?), ref: 06A9084D
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE(?,?,?,?,?,?), ref: 06A90895
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?), ref: 06A9094F
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?), ref: 06A909D9
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?), ref: 06A909F1
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 06A90ADC
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?), ref: 06A90B1D
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?), ref: 06A90BDA
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$sqlite3_initialize.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3058578787-0
                                                                                                                                                                                                                                                                            • Opcode ID: 89cb92792795f151e3ea478241495ed284cd72b367172ee34bc1af1a533337df
                                                                                                                                                                                                                                                                            • Instruction ID: cbbe4c0b2b420d5a1cc272961ce54c9c9b16c58981524456e2df753ae9da9d2f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 89cb92792795f151e3ea478241495ed284cd72b367172ee34bc1af1a533337df
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 60E15CB5904311CFDB94EF19C98092BB7F5BF88394F25892DE8999B311D730E944CBA2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_value_bytes.SYSTEM.DATA.SQLITE(00000000), ref: 06A9B80D
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A9B820
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A9B844
                                                                                                                                                                                                                                                                            • sqlite3_result_error_toobig.SYSTEM.DATA.SQLITE(?), ref: 06A9B93F
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A9B94C
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A9B959
                                                                                                                                                                                                                                                                            • sqlite3_result_error_nomem.SYSTEM.DATA.SQLITE(?), ref: 06A9B96C
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A9B979
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A9B986
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$sqlite3_initialize.$sqlite3_result_error_nomem.sqlite3_result_error_toobig.sqlite3_value_bytes.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3365947012-0
                                                                                                                                                                                                                                                                            • Opcode ID: 51c3ce84ad3af03a7c955d4eb9df33e1800a08b29ed123b9819bf69c32c743cc
                                                                                                                                                                                                                                                                            • Instruction ID: a580dcb863ab52eda713c1bf1a51b2ccb71c8237e228d59bcd29be2829c57051
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 51c3ce84ad3af03a7c955d4eb9df33e1800a08b29ed123b9819bf69c32c743cc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7F615871E043429BDF94FF28AD80767B7E5AF94244F29452DE8998B201E731E944CBF2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,?,?,?,06A3F758,00000000,?,?), ref: 06A3C56D
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A3C5B4
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,06A3F758), ref: 06A3C631
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,?,?,?,?,06A3F758,00000000,?,?,?,?,?,?,00000000), ref: 06A3C6B2
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,00000000,?,?,?,?,06A3F758,00000000,?,?), ref: 06A3C713
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A3C730
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$_memset
                                                                                                                                                                                                                                                                            • String ID: (
                                                                                                                                                                                                                                                                            • API String ID: 1929870871-3887548279
                                                                                                                                                                                                                                                                            • Opcode ID: 596cf942955a1025e669db187934e32490a80ce80e418b002cac8c16e53668de
                                                                                                                                                                                                                                                                            • Instruction ID: 92f889b9bb379327d13844e306a3ad46538e00537a83dfcfda9f9ac8a3f6423e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 596cf942955a1025e669db187934e32490a80ce80e418b002cac8c16e53668de
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B7B1D4B19047509BD7A0EF28CD80767BBE0AF94324F08491DF8AADB341E779E544CB92
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: N$d$gfff$gfff
                                                                                                                                                                                                                                                                            • API String ID: 0-3085505530
                                                                                                                                                                                                                                                                            • Opcode ID: 241e42b781993837f1731f3b27e36e931f11bf5592529c0a79de6619650eedc7
                                                                                                                                                                                                                                                                            • Instruction ID: 4dface013081c4b19ca23d69a11f28f34e4051228d36dd7d819744ee39529e71
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 241e42b781993837f1731f3b27e36e931f11bf5592529c0a79de6619650eedc7
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B02DF70A042818FD7A4FF29CC80B6AB7E1EFC5314F18496DE8958B291D735E845CBA2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,000000FF,00000001,00000000,00000000,?), ref: 06A911F5
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(100A573C,?,?,?,?,?,00000000,?), ref: 06A91206
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?), ref: 06A9123F
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?,00000000,?), ref: 06A91283
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A912F9
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8A360: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,00000000,?,?,?,?), ref: 06A8A3B5
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?), ref: 06A9155F
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A915AF
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$sqlite3_step.$_memsetsqlite3_initialize.sqlite3_reset.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 910014721-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE(?,06A87A33,?,?,00000006,00000000), ref: 06A876A9
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A87707
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A87736
                                                                                                                                                                                                                                                                            • sqlite3_close.SYSTEM.DATA.SQLITE(00000000), ref: 06A87746
                                                                                                                                                                                                                                                                            • sqlite3_vfs_find.SYSTEM.DATA.SQLITE(?), ref: 06A877E7
                                                                                                                                                                                                                                                                            • sqlite3_close.SYSTEM.DATA.SQLITE(00000000), ref: 06A879E6
                                                                                                                                                                                                                                                                              • Part of subcall function 06A63400: _memset.LIBCMT ref: 06A63480
                                                                                                                                                                                                                                                                              • Part of subcall function 06A63BC0: _memset.LIBCMT ref: 06A63BED
                                                                                                                                                                                                                                                                              • Part of subcall function 06A63BC0: _memset.LIBCMT ref: 06A63C3A
                                                                                                                                                                                                                                                                              • Part of subcall function 06A67220: sqlite3_overload_function.SYSTEM.DATA.SQLITE(00000000,100A7870,00000002), ref: 06A67265
                                                                                                                                                                                                                                                                              • Part of subcall function 06A6BB90: sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A6BC3D
                                                                                                                                                                                                                                                                            • sqlite3_errcode.SYSTEM.DATA.SQLITE(00000000,00000000,00000000,00000000), ref: 06A8795A
                                                                                                                                                                                                                                                                              • Part of subcall function 06A92B20: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,00000000,00000000,00000000,06A87971,00000000), ref: 06A92B28
                                                                                                                                                                                                                                                                              • Part of subcall function 06A9A010: sqlite3_create_function.SYSTEM.DATA.SQLITE(00000000,100A9570,00000002,00000001,00000000,10069CE0,00000000,00000000,06A87982), ref: 06A9A025
                                                                                                                                                                                                                                                                              • Part of subcall function 06A9A010: sqlite3_create_function.SYSTEM.DATA.SQLITE(00000000,100A957C,00000001,00000001,00000000,10069EE0,00000000,00000000,?,?,?,?,?,?,?,06A87982), ref: 06A9A043
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _memset$sqlite3_close.sqlite3_create_function.sqlite3_free.sqlite3_initialize.$sqlite3_errcode.sqlite3_overload_function.sqlite3_vfs_find.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2188053865-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_result_error_nomem.SYSTEM.DATA.SQLITE(?), ref: 06A9C170
                                                                                                                                                                                                                                                                            • sqlite3_result_text.SYSTEM.DATA.SQLITE(?,00000000,000000FF,000000FF), ref: 06A9C188
                                                                                                                                                                                                                                                                              • Part of subcall function 06A4C880: sqlite3_result_error_toobig.SYSTEM.DATA.SQLITE(?), ref: 06A4C8A7
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A9C1B7
                                                                                                                                                                                                                                                                            • sqlite3_result_error_nomem.SYSTEM.DATA.SQLITE(?), ref: 06A9C1DF
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A9C2F5
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_result_error_nomem.$sqlite3_free.sqlite3_initialize.sqlite3_result_error_toobig.sqlite3_result_text.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3799604040-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_result_error_nomem.SYSTEM.DATA.SQLITE(?), ref: 06A9BECE
                                                                                                                                                                                                                                                                            • sqlite3_result_text.SYSTEM.DATA.SQLITE(?,00000000,000000FF,000000FF), ref: 06A9BEE6
                                                                                                                                                                                                                                                                              • Part of subcall function 06A4C880: sqlite3_result_error_toobig.SYSTEM.DATA.SQLITE(?), ref: 06A4C8A7
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A9BF0F
                                                                                                                                                                                                                                                                            • sqlite3_result_error_nomem.SYSTEM.DATA.SQLITE(?), ref: 06A9BF3B
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A9C008
                                                                                                                                                                                                                                                                            • sqlite3_result_error_toobig.SYSTEM.DATA.SQLITE(?), ref: 06A9C01B
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A9C024
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.sqlite3_result_error_nomem.sqlite3_result_error_toobig.$sqlite3_initialize.sqlite3_result_text.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1386459068-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_result_error_nomem.SYSTEM.DATA.SQLITE(?), ref: 06A9BC4C
                                                                                                                                                                                                                                                                            • sqlite3_result_text.SYSTEM.DATA.SQLITE(?,00000000,000000FF,000000FF), ref: 06A9BC64
                                                                                                                                                                                                                                                                              • Part of subcall function 06A4C880: sqlite3_result_error_toobig.SYSTEM.DATA.SQLITE(?), ref: 06A4C8A7
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A9BC81
                                                                                                                                                                                                                                                                            • sqlite3_result_error_nomem.SYSTEM.DATA.SQLITE(?), ref: 06A9BCA9
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A9BD7D
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_result_error_nomem.$sqlite3_free.sqlite3_initialize.sqlite3_result_error_toobig.sqlite3_result_text.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3799604040-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A3863E
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A3864D
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A3867A
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A386CD
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A38873
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?), ref: 06A3887D
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A388AB
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$_memsetsqlite3_initialize.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1817680676-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A99D25
                                                                                                                                                                                                                                                                            • sqlite3_snprintf.SYSTEM.DATA.SQLITE(00000200,?,100A61E0,?,?,?,?), ref: 06A99DE0
                                                                                                                                                                                                                                                                            • sqlite3_snprintf.SYSTEM.DATA.SQLITE(00000200,?,100A9538), ref: 06A99E20
                                                                                                                                                                                                                                                                            • sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A953C,?,?), ref: 06A99E56
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A99E61
                                                                                                                                                                                                                                                                            • sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A9544,?), ref: 06A99E7C
                                                                                                                                                                                                                                                                            • sqlite3_result_error_toobig.SYSTEM.DATA.SQLITE(?), ref: 06A99ECC
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_mprintf.sqlite3_snprintf.$_memsetsqlite3_free.sqlite3_result_error_toobig.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3920618075-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A8D1C,00000000,00000000,?,00000024,06A8C4CE,?,?,?), ref: 06A8C2F2
                                                                                                                                                                                                                                                                            • sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A8D2C,00000000,100A8D18,?,?), ref: 06A8C311
                                                                                                                                                                                                                                                                              • Part of subcall function 06A352C0: sqlite3_vmprintf.SYSTEM.DATA.SQLITE(?,?), ref: 06A352D6
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,100A8D2C,00000000,100A8D18,?,?), ref: 06A8C319
                                                                                                                                                                                                                                                                            • sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A8D34,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 06A8C338
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?), ref: 06A8C343
                                                                                                                                                                                                                                                                            • sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A8D44,00000000,?,?,?,?,?), ref: 06A8C353
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,100A8D44,00000000,?,?,?,?,?), ref: 06A8C35B
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_mprintf.$sqlite3_free.$sqlite3_vmprintf.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3902696782-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_finalize.SYSTEM.DATA.SQLITE(?), ref: 06A8DB5A
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?), ref: 06A8DB7C
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A8DB88
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?), ref: 06A8DB91
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?), ref: 06A8DB9A
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A8DBC1
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A8DBCA
                                                                                                                                                                                                                                                                              • Part of subcall function 06A93810: sqlite3_free.SYSTEM.DATA.SQLITE(06A93743,FA0438E8,5604C483,?,06A93743,?,?,?,?,00000001), ref: 06A9382C
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$sqlite3_finalize.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3918079200-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,00000001), ref: 06A934F2
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 06A93571
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A93592
                                                                                                                                                                                                                                                                              • Part of subcall function 06A93810: sqlite3_free.SYSTEM.DATA.SQLITE(06A93743,FA0438E8,5604C483,?,06A93743,?,?,?,?,00000001), ref: 06A9382C
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 06A93678
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,00000001), ref: 06A9372A
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,00000001), ref: 06A93753
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$sqlite3_initialize.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3058578787-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_value_bytes.SYSTEM.DATA.SQLITE(?), ref: 06A6623D
                                                                                                                                                                                                                                                                            • sqlite3_value_bytes.SYSTEM.DATA.SQLITE(?), ref: 06A66267
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A6636C
                                                                                                                                                                                                                                                                            • sqlite3_result_error_toobig.SYSTEM.DATA.SQLITE(?), ref: 06A6642B
                                                                                                                                                                                                                                                                            • sqlite3_result_error_toobig.SYSTEM.DATA.SQLITE(?), ref: 06A6643E
                                                                                                                                                                                                                                                                            • sqlite3_result_error_nomem.SYSTEM.DATA.SQLITE(?), ref: 06A6645B
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_result_error_toobig.sqlite3_value_bytes.$sqlite3_initialize.sqlite3_result_error_nomem.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4009759512-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A6FE0), ref: 06A6B722
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A6B77B
                                                                                                                                                                                                                                                                            • sqlite3_snprintf.SYSTEM.DATA.SQLITE(0000012C,00000000,100A798C,?,?), ref: 06A6B79B
                                                                                                                                                                                                                                                                            • sqlite3_snprintf.SYSTEM.DATA.SQLITE(0000012C,00000000,100A79B0,?,?,?,?,?,?), ref: 06A6B818
                                                                                                                                                                                                                                                                            • sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A79DC,?,?,?,?,?,?,?,?), ref: 06A6B889
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?), ref: 06A6B898
                                                                                                                                                                                                                                                                              • Part of subcall function 06A33DE0: _memset.LIBCMT ref: 06A33DF4
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _memsetsqlite3_mprintf.sqlite3_snprintf.$sqlite3_free.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3799048934-0
                                                                                                                                                                                                                                                                            • Opcode ID: 85d6bcaffedaca2adf7d70cea4be02ec6455c00ea2bc9d05e767dd8d8a32e554
                                                                                                                                                                                                                                                                            • Instruction ID: 546c239539290323b00dff8ee0e6ba17370817a2f7c1fa3af072c73f647c8196
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 85d6bcaffedaca2adf7d70cea4be02ec6455c00ea2bc9d05e767dd8d8a32e554
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CC517176A042015FD780FB59ED40BAB73E9EFC8714F454529FA588B200E739E919C7A2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A9C37D
                                                                                                                                                                                                                                                                            • sqlite3_result_error_nomem.SYSTEM.DATA.SQLITE(?), ref: 06A9C39D
                                                                                                                                                                                                                                                                            • _strncpy.LIBCMT ref: 06A9C404
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A9C49F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _strncpysqlite3_free.sqlite3_initialize.sqlite3_result_error_nomem.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 820921127-0
                                                                                                                                                                                                                                                                            • Opcode ID: 50fd93e904ee08f188cdf7b1fae9dea1d91d6cc24163a5dc2516409deff15ca3
                                                                                                                                                                                                                                                                            • Instruction ID: dabc3243bf0de43a84786d00dd373d2fee6430b382331103e4785f8d022c5813
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 50fd93e904ee08f188cdf7b1fae9dea1d91d6cc24163a5dc2516409deff15ca3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 26513672B04B415BDB90BB389D4866BF3D59FC0274F290529E8978B381EB25E905C7F1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE(?,?,?,?,?,?), ref: 06A8C37B
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A8C3AD
                                                                                                                                                                                                                                                                            • sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A8D60,?,?,?,?,?,?,?), ref: 06A8C452
                                                                                                                                                                                                                                                                            • sqlite3_declare_vtab.SYSTEM.DATA.SQLITE(?,00000000), ref: 06A8C4D9
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,00000000), ref: 06A8C4E1
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A8C506
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _memset$sqlite3_declare_vtab.sqlite3_free.sqlite3_initialize.sqlite3_mprintf.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2985689106-0
                                                                                                                                                                                                                                                                            • Opcode ID: 9e59d30925f6288dc93c1b4cd25c899940e46121cb2b90427194c1b31f8bb50c
                                                                                                                                                                                                                                                                            • Instruction ID: 61d537082d571551b69c01c48600d18df4cee73370fde1934e4088b087f12e63
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e59d30925f6288dc93c1b4cd25c899940e46121cb2b90427194c1b31f8bb50c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8651CF75A003059FD760FF58DC80A6AB3E5EFC4220F158629E85A8B340E739ED49CBB1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(500A74C0,?,?,?,00000000,?,06A63AA9,00000000,?,?), ref: 06A5EABE
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(75DB8504,00000000,?,?,?,?,?,?,?,?,?,06A5E6E7,?,?,00000000), ref: 06A5EB07
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(441815FF,?,00000000,?,?,?,?,?,?,?,?,?,06A5E6E7,?,?,00000000), ref: 06A5EB41
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(F8A15774,?,?,00000000,?,?,?,?,?,?,?,?,?,06A5E6E7,?,?), ref: 06A5EB84
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(C483100D,?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,06A5E6E7), ref: 06A5EBDB
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(06A63AA9,?,?,00000000,?,?,?,?,?,?,?,?,?,06A5E6E7,?,?), ref: 06A5EC1A
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3431659745-0
                                                                                                                                                                                                                                                                            • Opcode ID: eb7abdb4bb9e4e8d2961248d48ab915b9a3066a70c58e98cc9354b2cf11ca278
                                                                                                                                                                                                                                                                            • Instruction ID: ac4604177c1535df2a6c048c36015537ecf4a731fb7251f21312bf31f8198974
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eb7abdb4bb9e4e8d2961248d48ab915b9a3066a70c58e98cc9354b2cf11ca278
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B85150B59007419BDBB0FF25D580BAAB3A5BB40611F078D1ADD5BAB206E731FA01C7A1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_snprintf.SYSTEM.DATA.SQLITE(000000E6,?,100A5DCC,100D5FC4), ref: 06A3777A
                                                                                                                                                                                                                                                                            • GetVersionExA.KERNEL32 ref: 06A377A3
                                                                                                                                                                                                                                                                            • GetTempPathW.KERNEL32(000000E6,?), ref: 06A377CE
                                                                                                                                                                                                                                                                            • sqlite3_snprintf.SYSTEM.DATA.SQLITE(000000E7,?,100A5DD0,00000000), ref: 06A37894
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_snprintf.$PathTempVersion
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 940931082-0
                                                                                                                                                                                                                                                                            • Opcode ID: 3503e36247180ba78912d118ddb4964e834c21189506d215aa89325799d797b7
                                                                                                                                                                                                                                                                            • Instruction ID: 035aad9a5ba6e77e3395000f50b69bfd0d796343e99a5705cc19781365ed2674
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3503e36247180ba78912d118ddb4964e834c21189506d215aa89325799d797b7
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B5143B1D083A09BF3B1BB74DD84BAB7BD8EB48350F04092CF9958A091E635C548C3B6
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,00000000,06A4C3A5), ref: 06A4B738
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,06A4C3A5), ref: 06A4B781
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,06A4C3A5), ref: 06A4B7BE
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A4B7FF
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,06A4C3A5), ref: 06A4B83C
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,06A4C3A5), ref: 06A4B871
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3431659745-0
                                                                                                                                                                                                                                                                            • Opcode ID: 247c7eae406276a58d68c0a3aa5d540d3a6c303a194819ee33c4ffac7e7ab22d
                                                                                                                                                                                                                                                                            • Instruction ID: 8324dc7942f2c5bd411d537e9b998fbfc45ea5a6c581f1758dcae4d5bf29e8b5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 247c7eae406276a58d68c0a3aa5d540d3a6c303a194819ee33c4ffac7e7ab22d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C6512D74A05A42DFD7A4FF25CD80BAAF3A4BF84300F158A1AD96A9B640D735F450CBB1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(500A74C0,?,?,?,06A63AA9,06A5EAD2,06A63AA9,?,?,?,00000000,?,06A63AA9,00000000,?,?), ref: 06A5E8C6
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,00000000,?,?,?,?,?,?,?,?,?,06A5E6E7,?,?), ref: 06A5E91D
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,?,?,?,?,?,?,?,?,?,06A5E6E7,?,?,00000000), ref: 06A5E957
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,00000000,?,?,?,?,?,?,?,?,?,06A5E6E7,?,?,00000000), ref: 06A5E991
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,00000000,?,?,?,?,?,?,?,?,?,06A5E6E7,?,?), ref: 06A5E9CB
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,06A63AA9,06A5EAD2,06A63AA9,?,?,?,00000000,?,06A63AA9,00000000,?,?), ref: 06A5EA25
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3431659745-0
                                                                                                                                                                                                                                                                            • Opcode ID: 6f065b7d964b5e200d321b071c8187cdc8d1b83e9d541a9ff734b824ec72bc53
                                                                                                                                                                                                                                                                            • Instruction ID: dbf451eec1fef6583bf57f445cce7c12875bb25ee809030d23e401ad30a0b0fc
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f065b7d964b5e200d321b071c8187cdc8d1b83e9d541a9ff734b824ec72bc53
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 98512275900A81DBDBA1EF25C58079AF3F5BF44201F168C1BDDAFEB205D631A644CB62
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A9C757
                                                                                                                                                                                                                                                                            • sqlite3_result_error_nomem.SYSTEM.DATA.SQLITE(?), ref: 06A9C777
                                                                                                                                                                                                                                                                            • _strncpy.LIBCMT ref: 06A9C787
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A9C7F6
                                                                                                                                                                                                                                                                            • sqlite3_result_error_toobig.SYSTEM.DATA.SQLITE(?), ref: 06A9C804
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A9C80D
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$_strncpysqlite3_initialize.sqlite3_result_error_nomem.sqlite3_result_error_toobig.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1185436618-0
                                                                                                                                                                                                                                                                            • Opcode ID: fc82bc194b41070d70bababf5a7a6bdd9311a22a5d29f4acb596b820c4f4af2b
                                                                                                                                                                                                                                                                            • Instruction ID: 3f532207d6c7243745f48c5fa6a520da3311c03550897bc8d3683351030c6b72
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fc82bc194b41070d70bababf5a7a6bdd9311a22a5d29f4acb596b820c4f4af2b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2F415B72B00B4117DBE0BF289D4076773D98F91264F15042DD55B8B202FB26E906C3F1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 06A32902
                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 06A32928
                                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 06A32933
                                                                                                                                                                                                                                                                            • sqlite3_snprintf.SYSTEM.DATA.SQLITE(00000003,?,100A5D54,?,00000000,?,00000007,00000000,?,?,05265C00,00000000,?,?,05265C00,00000000), ref: 06A32960
                                                                                                                                                                                                                                                                            • sqlite3_snprintf.SYSTEM.DATA.SQLITE(00000004,?,100A5D64,00000001,?,?,05265C00,00000000), ref: 06A32985
                                                                                                                                                                                                                                                                            • sqlite3_result_error_toobig.SYSTEM.DATA.SQLITE(?), ref: 06A32AF4
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@sqlite3_snprintf.$__allremsqlite3_result_error_toobig.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2395191769-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_close.SYSTEM.DATA.SQLITE(?), ref: 06A9DF66
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A9DF87
                                                                                                                                                                                                                                                                            • sqlite3_finalize.SYSTEM.DATA.SQLITE(00000000), ref: 06A9DFC5
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A9DFD8
                                                                                                                                                                                                                                                                            • sqlite3_close.SYSTEM.DATA.SQLITE(?), ref: 06A9DFF3
                                                                                                                                                                                                                                                                            • sqlite3_close.SYSTEM.DATA.SQLITE(?), ref: 06A9E01C
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_close.$_memsetsqlite3_finalize.sqlite3_initialize.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2885122669-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __getptd.LIBCMT ref: 06AA3ACA
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA4BA1: __getptd_noexit.LIBCMT ref: 06AA4BA4
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA4BA1: __amsg_exit.LIBCMT ref: 06AA4BB1
                                                                                                                                                                                                                                                                            • __calloc_crt.LIBCMT ref: 06AA3AD5
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA6937: __calloc_impl.LIBCMT ref: 06AA6948
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA6937: Sleep.KERNEL32(00000000), ref: 06AA695F
                                                                                                                                                                                                                                                                            • __lock.LIBCMT ref: 06AA3B0B
                                                                                                                                                                                                                                                                            • ___addlocaleref.LIBCMT ref: 06AA3B17
                                                                                                                                                                                                                                                                            • __lock.LIBCMT ref: 06AA3B2B
                                                                                                                                                                                                                                                                            • InterlockedIncrement.KERNEL32(?), ref: 06AA3B3B
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA097E: __getptd_noexit.LIBCMT ref: 06AA097E
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __getptd_noexit__lock$IncrementInterlockedSleep___addlocaleref__amsg_exit__calloc_crt__calloc_impl__getptd
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3538106438-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 0-3916222277
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __wcstoi64
                                                                                                                                                                                                                                                                            • String ID: d
                                                                                                                                                                                                                                                                            • API String ID: 398114495-2564639436
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A4AC0B
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 06A4AE08
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3431659745-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _memset
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2102423945-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8AFE0: sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,000000FF,00000001,00000000), ref: 06A8B02D
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8AFE0: sqlite3_free.SYSTEM.DATA.SQLITE(100A5724), ref: 06A8B03E
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8AFE0: sqlite3_bind_int64.SYSTEM.DATA.SQLITE(?,00000001,?), ref: 06A8B063
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8AFE0: sqlite3_step.SYSTEM.DATA.SQLITE(?), ref: 06A8B074
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE(00000000), ref: 06A916BA
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$sqlite3_bind_int64.sqlite3_initialize.sqlite3_step.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2105840176-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,000000FF,00000001,00000000,06A926DE,?,?), ref: 06A8B630
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(100A5744,?,?,?,?,?,06A926DE,?,?), ref: 06A8B641
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?), ref: 06A8B65C
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?,?,?,?,00000001,?,06A926DE,?,?), ref: 06A8B686
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8A360: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,00000000,?,?,?,?), ref: 06A8A3B5
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?,?), ref: 06A8B776
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.sqlite3_step.$sqlite3_initialize.sqlite3_reset.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3198691833-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A9C8C6
                                                                                                                                                                                                                                                                            • sqlite3_result_error_nomem.SYSTEM.DATA.SQLITE(?), ref: 06A9C8E6
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A9C96D
                                                                                                                                                                                                                                                                            • sqlite3_result_error_toobig.SYSTEM.DATA.SQLITE(?), ref: 06A9C97B
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A9C984
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$sqlite3_initialize.sqlite3_result_error_nomem.sqlite3_result_error_toobig.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3101930445-0
                                                                                                                                                                                                                                                                            • Opcode ID: 6b1b0ce58378243c1018c0ff5dee66ad57ee3179551c582e5fbdf10b426f3685
                                                                                                                                                                                                                                                                            • Instruction ID: 4d882d0f8c017817ca443b641cbf74024d7c28fdd27834713acecc35ace30cea
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6b1b0ce58378243c1018c0ff5dee66ad57ee3179551c582e5fbdf10b426f3685
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 86415B62A04B550BDBE4BB389D4076777D5DF81178F290529D89B8B202E612E946C3F2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A9CA1C
                                                                                                                                                                                                                                                                            • sqlite3_result_error_nomem.SYSTEM.DATA.SQLITE(?), ref: 06A9CA3C
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A9CAFC
                                                                                                                                                                                                                                                                            • sqlite3_result_error_toobig.SYSTEM.DATA.SQLITE(?), ref: 06A9CB0A
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A9CB13
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$sqlite3_initialize.sqlite3_result_error_nomem.sqlite3_result_error_toobig.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3101930445-0
                                                                                                                                                                                                                                                                            • Opcode ID: 9793fb99fbfda8d8eac92737449187d312ad99b02902b27ba894f99364d1e50a
                                                                                                                                                                                                                                                                            • Instruction ID: 6bba43f0ea450846b1bf24e8ef08b03935de3200be199461a2f4074797490b1f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9793fb99fbfda8d8eac92737449187d312ad99b02902b27ba894f99364d1e50a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 07412972A04B015BDBA0FB289D407A7B3D69F90264F290569D887CF602F726E945C3F1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000001), ref: 06A3743B
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 06A3744B
                                                                                                                                                                                                                                                                            • UnlockFile.KERNEL32(?,100D449C,00000000,00000001,00000000), ref: 06A37494
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFileLastSleepUnlock
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 696175719-0
                                                                                                                                                                                                                                                                            • Opcode ID: ad337cb825dcfd2c6d0a584371a012baf87d7727b8060c5276af379579de7100
                                                                                                                                                                                                                                                                            • Instruction ID: f650cc131222a6f63694df6a2f8bb831c21cb37cbd78ddd84c64da172de240f3
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ad337cb825dcfd2c6d0a584371a012baf87d7727b8060c5276af379579de7100
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0641E2B1A043329BE760AF549C80B6BBBA4AB84720F10861EFD559B341C771E844CBE5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A77995
                                                                                                                                                                                                                                                                            • sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A5DCC,?), ref: 06A779D4
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A77A27
                                                                                                                                                                                                                                                                            • sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A81C0,?), ref: 06A77A31
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A77A62
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_initialize.sqlite3_mprintf.$sqlite3_free.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3748776034-0
                                                                                                                                                                                                                                                                            • Opcode ID: 041ff3b7a8008eedb04b086475fcb8e7098233542a06e3880919446105d873df
                                                                                                                                                                                                                                                                            • Instruction ID: d104288fa2da88f36c229071cc1f0147360ee2861e847250426dd77f37802da4
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 041ff3b7a8008eedb04b086475fcb8e7098233542a06e3880919446105d873df
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CB41BF71A003019FE7A1EF68DD80A67B3E5EF84315F108A2DE8A98B351E731E555CBA1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,06A5E8DC,06A5E8DC,06A5E8DC,?,06A6FB39,D0236600,06A5E8DC,06A5E8DC,06A5E8DC,06A6FD77,06A5E8DC,C483C88B,06A55F99,06A5E8DC,D13B6608), ref: 06A62534
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,00000000,?,?,?,?,?,?,?,?,?,06A5E6E7,?,?,00000000), ref: 06A62571
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,00000000,?,?,?,?,?,?,?,?,?,06A5E6E7,?,?), ref: 06A625AB
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,06A5E6E7,?), ref: 06A625E5
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,06A5E8DC,?,06A6FB39,D0236600,06A5E8DC,06A5E8DC,06A5E8DC,06A6FD77,06A5E8DC,C483C88B,06A55F99,06A5E8DC,D13B6608,?,?), ref: 06A6265C
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3431659745-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_value_blob.SYSTEM.DATA.SQLITE ref: 06A65D9B
                                                                                                                                                                                                                                                                            • sqlite3_value_bytes.SYSTEM.DATA.SQLITE(00000000), ref: 06A65DA8
                                                                                                                                                                                                                                                                              • Part of subcall function 06A652C0: sqlite3_result_error_toobig.SYSTEM.DATA.SQLITE(?,?,06A6628B,?), ref: 06A652DB
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,00000002,00000000), ref: 06A65E8F
                                                                                                                                                                                                                                                                            • sqlite3_result_error_toobig.SYSTEM.DATA.SQLITE(?,00000002,00000000), ref: 06A65E9F
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,00000002,00000000), ref: 06A65EA8
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.sqlite3_result_error_toobig.$sqlite3_value_blob.sqlite3_value_bytes.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1903089245-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A9380,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 06A99891
                                                                                                                                                                                                                                                                            • sqlite3_exec.SYSTEM.DATA.SQLITE(?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?), ref: 06A998B6
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?), ref: 06A998BE
                                                                                                                                                                                                                                                                            • sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A1554,?,?,?,00000000,?,?,?,?,?,?,06A99BFD,?,?,?,?), ref: 06A99941
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,?,?,?,?,?,?,06A99BFD,?,?,?,?), ref: 06A9996F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.sqlite3_mprintf.$sqlite3_exec.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 574396322-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE(?,00000000,00000000,00000000,06A87971,00000000), ref: 06A92B28
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,00000000), ref: 06A92BA5
                                                                                                                                                                                                                                                                              • Part of subcall function 06A95150: sqlite3_create_function.SYSTEM.DATA.SQLITE(00000000,100A90F4,00000001,00000005,00000000,10064E00,00000000,00000000,00000000,06A92BBB,?,?,?,?,00000000), ref: 06A95165
                                                                                                                                                                                                                                                                              • Part of subcall function 06A95150: sqlite3_create_function.SYSTEM.DATA.SQLITE(00000000,100A90F4,00000002,00000005,00000000,10064E00,00000000,00000000,?,?,?,?,?,?,00000000,06A92BBB), ref: 06A95185
                                                                                                                                                                                                                                                                              • Part of subcall function 06A95150: sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,00000000,06A92BBB,?,?,?,?,00000000), ref: 06A95191
                                                                                                                                                                                                                                                                              • Part of subcall function 06A95150: sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,?,?,?,?,?,?,00000000,06A92BBB,?,?,?,?,00000000), ref: 06A95198
                                                                                                                                                                                                                                                                            • sqlite3_overload_function.SYSTEM.DATA.SQLITE(00000000,100A9028,000000FF,?,?,?,?,00000000), ref: 06A92BC9
                                                                                                                                                                                                                                                                            • sqlite3_overload_function.SYSTEM.DATA.SQLITE(00000000,100A9030,000000FF,?,?,?,?,?,?,?,00000000), ref: 06A92BDF
                                                                                                                                                                                                                                                                            • sqlite3_overload_function.SYSTEM.DATA.SQLITE(00000000,100A9038,000000FF,?,?,?,?,?,?,?,?,?,?,00000000), ref: 06A92BF5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.sqlite3_overload_function.$sqlite3_create_function.$sqlite3_initialize.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 28182426-0
                                                                                                                                                                                                                                                                            • Opcode ID: eeaac9c3387ccb7fa296c638d714285dc263e3287daf1ae0e08e556e149b2e15
                                                                                                                                                                                                                                                                            • Instruction ID: e66901d756553a1737ed533b92a6deebc05551b6e3c675d012001d38ed3d743c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eeaac9c3387ccb7fa296c638d714285dc263e3287daf1ae0e08e556e149b2e15
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C21D876E505217ADAD076A86D00B9AB2D48B102B5F150271EE2CEB386E719A91082E1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 06A376D0: GetVersionExA.KERNEL32 ref: 06A376EF
                                                                                                                                                                                                                                                                            • GetVersionExA.KERNEL32 ref: 06A37B46
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 06A37B7D
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 06A37B9C
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 06A37BBD
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 06A37BDC
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLastSleepVersion
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2145038200-0
                                                                                                                                                                                                                                                                            • Opcode ID: 10d3d9b182e706c98f671d7ce76e55ddcb18d75021b27326b786a49a05bac0d2
                                                                                                                                                                                                                                                                            • Instruction ID: b584c2a8c9e7eefb41f771c4bf35a5078967f27200dbbfd28d879a5a9ae10134
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 10d3d9b182e706c98f671d7ce76e55ddcb18d75021b27326b786a49a05bac0d2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53319E719142308FE764FF389DC4A7EB7F4BB85224F40092AF9A6CA252D734D8448A96
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,000000FF,00000001,00000000,?,00000000,?,?,06A91AD1), ref: 06A8B559
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(100A5740,?,?,?,?,?,?,00000000,?,?,06A91AD1), ref: 06A8B56A
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?,?,06A91AD1), ref: 06A8B583
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,06A91AD1), ref: 06A8B5B2
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?,?,00000000,?,?,06A91AD1), ref: 06A8B5CD
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8A360: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,00000000,?,?,?,?), ref: 06A8A3B5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.sqlite3_step.$sqlite3_initialize.sqlite3_reset.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3198691833-0
                                                                                                                                                                                                                                                                            • Opcode ID: 5d7a3fc5349327069d0f100db2e567dcffde3089d319f9f2b54d653695fabf37
                                                                                                                                                                                                                                                                            • Instruction ID: 1b3eaa80aa6ee6b3e10936b17ccbd2ff90c4505d5fe0e661bf6844895a4cd8e0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d7a3fc5349327069d0f100db2e567dcffde3089d319f9f2b54d653695fabf37
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E21A4B1A143019FDB84FF74ED42A2B37E8AB80254F040938F826CB241F725F508C7A1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,000000FF,00000001,00000000,?,?,06A91AA8), ref: 06A8ADAC
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(100A5710,?,?,?,?,?,?,?,06A91AA8), ref: 06A8ADBD
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,06A91AA8), ref: 06A8ADD4
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?,06A91AA8), ref: 06A8ADE2
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?,?,00000000,?,?,?,06A91AA8), ref: 06A8ADFB
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8A360: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,00000000,?,?,?,?), ref: 06A8A3B5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.sqlite3_step.$sqlite3_initialize.sqlite3_reset.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3198691833-0
                                                                                                                                                                                                                                                                            • Opcode ID: bc761caf07bc71eafb34e6e0cf7262e506aad0ef8dd92c85a10dbdf4ba9c51be
                                                                                                                                                                                                                                                                            • Instruction ID: 4801446a903cc962c7d7c887976f480baae979af29680ca2539c1061d87350b5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bc761caf07bc71eafb34e6e0cf7262e506aad0ef8dd92c85a10dbdf4ba9c51be
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E511E7B6B102245FE6E07B15BC80F373358EB8212AF250976FA17DF252E616E810C3B1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetFileType.KERNEL32(?,?,?,100D00E8,0000000C), ref: 06AB7823
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,100D00E8,0000000C), ref: 06AB782D
                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 06AB7834
                                                                                                                                                                                                                                                                            • __alloc_osfhnd.LIBCMT ref: 06AB7855
                                                                                                                                                                                                                                                                            • __set_osfhnd.LIBCMT ref: 06AB787F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFileLastType__alloc_osfhnd__dosmaperr__set_osfhnd
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 43408053-0
                                                                                                                                                                                                                                                                            • Opcode ID: d8b9981c06c9ddb3193fb94f230fda69cf5f63298c9029151eebb9a5616ac001
                                                                                                                                                                                                                                                                            • Instruction ID: 1e2c2fe3260c2146cc6242779b7cb2d54a391b359e7862982ddc4571424de192
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d8b9981c06c9ddb3193fb94f230fda69cf5f63298c9029151eebb9a5616ac001
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4821C1319012159AEB92BFB8CE003E87B65AFC5328F199649E8B44F1E3C7B5C581DF91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __lock.LIBCMT ref: 06AA3A0A
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA1C51: __mtinitlocknum.LIBCMT ref: 06AA1C67
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA1C51: __amsg_exit.LIBCMT ref: 06AA1C73
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA1C51: RtlEnterCriticalSection.NTDLL(?), ref: 06AA1C7B
                                                                                                                                                                                                                                                                            • InterlockedDecrement.KERNEL32(00000000), ref: 06AA3A1C
                                                                                                                                                                                                                                                                              • Part of subcall function 06A9F88D: __lock.LIBCMT ref: 06A9F8AB
                                                                                                                                                                                                                                                                              • Part of subcall function 06A9F88D: ___sbh_find_block.LIBCMT ref: 06A9F8B6
                                                                                                                                                                                                                                                                              • Part of subcall function 06A9F88D: ___sbh_free_block.LIBCMT ref: 06A9F8C5
                                                                                                                                                                                                                                                                              • Part of subcall function 06A9F88D: HeapFree.KERNEL32(00000000,?,100CFAA0,0000000C,06AA1C32,00000000,100CFB60,0000000C,06AA1C6C,?,?,?,06AA505C,00000004,100CFCB8,0000000C), ref: 06A9F8F5
                                                                                                                                                                                                                                                                              • Part of subcall function 06A9F88D: GetLastError.KERNEL32(?,06AA505C,00000004,100CFCB8,0000000C,06AA694D,?,?,00000000,00000000,00000000,?,06AA4B53,00000001,00000214), ref: 06A9F906
                                                                                                                                                                                                                                                                            • __lock.LIBCMT ref: 06AA3A4A
                                                                                                                                                                                                                                                                            • ___removelocaleref.LIBCMT ref: 06AA3A59
                                                                                                                                                                                                                                                                            • ___freetlocinfo.LIBCMT ref: 06AA3A72
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __lock$CriticalDecrementEnterErrorFreeHeapInterlockedLastSection___freetlocinfo___removelocaleref___sbh_find_block___sbh_free_block__amsg_exit__mtinitlocknum
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1907232653-0
                                                                                                                                                                                                                                                                            • Opcode ID: cddb49463ac6ae2ea8c870f7adff366e40c04149c8d646e3201c0ab437d8946b
                                                                                                                                                                                                                                                                            • Instruction ID: 6a90e21d3552a5b2636ba69efa5ddc2d22c3ab4ebe1ca8fbdf9e0de0a118ad5f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cddb49463ac6ae2ea8c870f7adff366e40c04149c8d646e3201c0ab437d8946b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4D117071901311AADFF4BF649E49B6D73E5AF00761F25465FE0A5DB180CB3AD980C660
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,?,?,06A918E0,?), ref: 06A8EACC
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,00000000,?,?,06A918E0,?), ref: 06A8EADC
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,00000000,?,?,06A918E0,?), ref: 06A8EAE5
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,06A918E0,?), ref: 06A8EB03
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,06A918E0,?), ref: 06A8EB15
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3431659745-0
                                                                                                                                                                                                                                                                            • Opcode ID: 2ca9754c830a81878193f0256d027ca2869a5eb7d4dbfec79dc348cc1ade7111
                                                                                                                                                                                                                                                                            • Instruction ID: aa7d31fb103378951919fe21e7019f6069816b30f95794d41688455b8aa3fd51
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2ca9754c830a81878193f0256d027ca2869a5eb7d4dbfec79dc348cc1ade7111
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1DF01DA6E006219B9ED0BF69AD88917E3AC7E549567098425A816EF202EA34E810C6A1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __getptd.LIBCMT ref: 06AA30EE
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA4BA1: __getptd_noexit.LIBCMT ref: 06AA4BA4
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA4BA1: __amsg_exit.LIBCMT ref: 06AA4BB1
                                                                                                                                                                                                                                                                            • __amsg_exit.LIBCMT ref: 06AA310E
                                                                                                                                                                                                                                                                            • __lock.LIBCMT ref: 06AA311E
                                                                                                                                                                                                                                                                            • InterlockedDecrement.KERNEL32(?), ref: 06AA313B
                                                                                                                                                                                                                                                                            • InterlockedIncrement.KERNEL32(100D36C0), ref: 06AA3166
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4271482742-0
                                                                                                                                                                                                                                                                            • Opcode ID: cd8e88572623a56fbae55241c1dcccae481330128a2bd32963202046d3551611
                                                                                                                                                                                                                                                                            • Instruction ID: d74f6090a20358820f0891af0c221cbaaf822316c9b32ecb365e3fd3c9646425
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cd8e88572623a56fbae55241c1dcccae481330128a2bd32963202046d3551611
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B2013931E41721ABEEE5BF6589497A9BB60BB04750F05810AEC20AB690CB34E941CBF5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __lock.LIBCMT ref: 06A9F8AB
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA1C51: __mtinitlocknum.LIBCMT ref: 06AA1C67
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA1C51: __amsg_exit.LIBCMT ref: 06AA1C73
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA1C51: RtlEnterCriticalSection.NTDLL(?), ref: 06AA1C7B
                                                                                                                                                                                                                                                                            • ___sbh_find_block.LIBCMT ref: 06A9F8B6
                                                                                                                                                                                                                                                                            • ___sbh_free_block.LIBCMT ref: 06A9F8C5
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,100CFAA0,0000000C,06AA1C32,00000000,100CFB60,0000000C,06AA1C6C,?,?,?,06AA505C,00000004,100CFCB8,0000000C), ref: 06A9F8F5
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,06AA505C,00000004,100CFCB8,0000000C,06AA694D,?,?,00000000,00000000,00000000,?,06AA4B53,00000001,00000214), ref: 06A9F906
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2714421763-0
                                                                                                                                                                                                                                                                            • Opcode ID: 84bb089f35619b9262c67c19570e53673b2083f3038b293458902971d037632a
                                                                                                                                                                                                                                                                            • Instruction ID: 1de93dab860415290e24a238fcc08decf904d8abc74297acbb2229c077b1110d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 84bb089f35619b9262c67c19570e53673b2083f3038b293458902971d037632a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CA016231D01311AEEFE47FB19E48B5E3BE8AF01364F25416AE924EF090DB349540DB65
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A6F3B9
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A6F7AB
                                                                                                                                                                                                                                                                              • Part of subcall function 06A4A9E0: _memset.LIBCMT ref: 06A4AA55
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,06A6F856,?,?,?), ref: 06A6F761
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _memsetsqlite3_free.
                                                                                                                                                                                                                                                                            • String ID: (
                                                                                                                                                                                                                                                                            • API String ID: 798214537-3887548279
                                                                                                                                                                                                                                                                            • Opcode ID: 96fc9b1fabed53b60e6bcbc5a023dc2905542d736e11ebc8fc254725be83cee5
                                                                                                                                                                                                                                                                            • Instruction ID: e8baaccd07a2f14065d688cf161951b2a1a8143184c30afb62e701d10476f7fd
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 96fc9b1fabed53b60e6bcbc5a023dc2905542d736e11ebc8fc254725be83cee5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C4D1C070A043419FEB94EF1AE984B6AB7E2AF44304F088529FC599F246D774E944CBD2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __aulldvrm$__aullrem
                                                                                                                                                                                                                                                                            • String ID: +
                                                                                                                                                                                                                                                                            • API String ID: 643879872-2126386893
                                                                                                                                                                                                                                                                            • Opcode ID: 1a941909cbeb8a25844ef322920f1c63be5f9557a763781590d853eb24d7ed18
                                                                                                                                                                                                                                                                            • Instruction ID: f8f786ca598027624c333bf5bcadb8116e610fe156db5af52f6fd65f209309ef
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1a941909cbeb8a25844ef322920f1c63be5f9557a763781590d853eb24d7ed18
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 79C1D5709087A18FE795EF2898843AB7FE0EF8E244F19486DF8D58B251D730D505CBA2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __aulldvrm$__aullrem
                                                                                                                                                                                                                                                                            • String ID: -
                                                                                                                                                                                                                                                                            • API String ID: 643879872-2547889144
                                                                                                                                                                                                                                                                            • Opcode ID: fadece0fc56bf0e546d2be3a627af99d3eaeb952a259cced6e093a9cce4e1de1
                                                                                                                                                                                                                                                                            • Instruction ID: 203fa597e5d3d68ca3f2ba0a64fa5ca72f31840b21140459020e8f385d7f06bc
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fadece0fc56bf0e546d2be3a627af99d3eaeb952a259cced6e093a9cce4e1de1
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1091D870A087618FE795EF2898907AE7FE0EF8E244F19496DF8D98B251D730C505CB92
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __startOneArgErrorHandling.LIBCMT ref: 06AC9A0D
                                                                                                                                                                                                                                                                              • Part of subcall function 06ACACB0: __87except.LIBCMT ref: 06ACACEB
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorHandling__87except__start
                                                                                                                                                                                                                                                                            • String ID: pow
                                                                                                                                                                                                                                                                            • API String ID: 2905807303-2276729525
                                                                                                                                                                                                                                                                            • Opcode ID: d763cd5913ae4caeb7a3ec931d94458fc867e941e77800d9eaeedcd67b9c4646
                                                                                                                                                                                                                                                                            • Instruction ID: 4f09b29423b855b1eb6c43c0a417f0295d99e8ecff6b52dec72208eeae59ec6e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d763cd5913ae4caeb7a3ec931d94458fc867e941e77800d9eaeedcd67b9c4646
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2F517871E1C1098FEB95B758CE8037B6BA4DB80730F10896CE9E6492A5DF34C8C5CB86
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: $2$l
                                                                                                                                                                                                                                                                            • API String ID: 0-3132104027
                                                                                                                                                                                                                                                                            • Opcode ID: 4fa3a498171cb4ccde6a9ab5e7eb8aad2a9c538267468db6300443eda725ce8b
                                                                                                                                                                                                                                                                            • Instruction ID: b7fb4a9a6f0156f399d2ad7c89b4ece385fd04f40864ae6069b9278f3b069b6e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4fa3a498171cb4ccde6a9ab5e7eb8aad2a9c538267468db6300443eda725ce8b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4418231D042698EDFB4AB1488993F87BB9AB02315F1421D7C0A96A593C7755FCACF41
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: $2$l
                                                                                                                                                                                                                                                                            • API String ID: 0-3132104027
                                                                                                                                                                                                                                                                            • Opcode ID: b3040f893d7f11ec620bd6d9ffa7c037ce5e1d398a82d1a996c155ce430332a6
                                                                                                                                                                                                                                                                            • Instruction ID: abd45461ee8c97f7bea88815f9e93cec5c448286699095aadabdcb596099d3bc
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b3040f893d7f11ec620bd6d9ffa7c037ce5e1d398a82d1a996c155ce430332a6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A441C074C0436A8EDFB4AF58CC983F97BB1AB05214F1401CBC5A66B192C77A8AC6CF41
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,-00000027,?,?,06A817E6,00000000,?,00000000), ref: 06A81284
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(-00000027,-00000027,?,?,06A817E6,00000000,?,00000000), ref: 06A812B7
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A81303
                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.
                                                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                                                            • API String ID: 3431659745-2766056989
                                                                                                                                                                                                                                                                            • Opcode ID: 45efb86e60d10cbe81ab456bcd21e0b422165c22f03e4e4fdb2ec05ad9486c07
                                                                                                                                                                                                                                                                            • Instruction ID: 882b82a29e5bac517378020e4b464d6580860d3ebd96d4f9c82f074daf49cd70
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 45efb86e60d10cbe81ab456bcd21e0b422165c22f03e4e4fdb2ec05ad9486c07
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C8119DB5800B42DFD7B0FF10D5807ABF3B0FB91201F15896ED95B5A205E735A892CB91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A8D60,?), ref: 06A95039
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A95077
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000), ref: 06A950E5
                                                                                                                                                                                                                                                                            • sqlite3_result_error_toobig.SYSTEM.DATA.SQLITE(?), ref: 06A9513A
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$sqlite3_mprintf.sqlite3_result_error_toobig.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4286419971-0
                                                                                                                                                                                                                                                                            • Opcode ID: 13d785c8268da934932193760e6f182fcdbd287154af1f8afb2bae457c576b74
                                                                                                                                                                                                                                                                            • Instruction ID: 956f9587e18af0e51fa8ed6005ba5b5ad5d8e0640965e5679fe366275a854072
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 13d785c8268da934932193760e6f182fcdbd287154af1f8afb2bae457c576b74
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 19A11371A043019FEBA1FF28DC81BA6B7E4EF45348F240929E8858B641E735E949C7F1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: d830e31ace873d51c835f1832e11f2d1c04bcff4c037dcebc9448af133f99487
                                                                                                                                                                                                                                                                            • Instruction ID: 60536dcdfc18cbb770ce1245442a0be8ab9b1db94b99b26999dedb25ae1321ef
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d830e31ace873d51c835f1832e11f2d1c04bcff4c037dcebc9448af133f99487
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 28D14F70E047429FDBE4FF64C88079AF7E0BB45314F048A6AEC699B241D734A954CBE2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A3B276
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,?,?,06A3B801,?,?,?,?,?,00000000), ref: 06A3B28F
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A3B47A
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,06A3B801,?), ref: 06A3B498
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$_memset
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1929870871-0
                                                                                                                                                                                                                                                                            • Opcode ID: a84f9dbc17f20b9f4bca86911a97abc4ac7c014315efa891d226b370594c0b84
                                                                                                                                                                                                                                                                            • Instruction ID: 9a33502f642c022f5addd9fb2e9d00d1264e1b699ca66719ce86cda46aa4894b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a84f9dbc17f20b9f4bca86911a97abc4ac7c014315efa891d226b370594c0b84
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9271E4B1A043219FD750EF64CC81B67B7E6EF94254F084528F8998B351E734E905C7B6
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 533d6663c7b4a927182ce7ba8b54368c840c5b68c44709908fccc23b036d73be
                                                                                                                                                                                                                                                                            • Instruction ID: 58ebcfed98a68a0700d1699f0cfdb9ed132c92f267450a2041d24fe359408bfe
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 533d6663c7b4a927182ce7ba8b54368c840c5b68c44709908fccc23b036d73be
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B9719B30D0166A9EDFB1BBA48D883F8B7B8EF45211F1422EBC058AA192D7314BC5CF45
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE(?,00000000,?,?,?,?,06A8EBAE,?,?,?,?,?,?,?,?,?), ref: 06A8E75E
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE(?,?,?,?,06A8EBAE,?,?,?,?,?,?,?,?,?), ref: 06A8E7A3
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,06A8EBAE,?,?,?,?,?,?,?,?), ref: 06A8E841
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,06A8EBAE,?,?,?,?,?,?,?), ref: 06A8E86C
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_initialize.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 861066756-0
                                                                                                                                                                                                                                                                            • Opcode ID: b4b345e9349ea4c1b36f6d3ec01c82adc7c0ec767447cc0250026437758cfd48
                                                                                                                                                                                                                                                                            • Instruction ID: d50cfdc423036a46750cfbe439890d4b6076122a64fa8472b340b7f626db2ae4
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b4b345e9349ea4c1b36f6d3ec01c82adc7c0ec767447cc0250026437758cfd48
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A641ADB2A043018FD7A4FF39D98056BB7E5FB84214B154D3ED9AAC7641E731E508CBA2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_result_error_nomem.SYSTEM.DATA.SQLITE(?), ref: 06A9BA24
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE ref: 06A9BAED
                                                                                                                                                                                                                                                                            • sqlite3_result_error_toobig.SYSTEM.DATA.SQLITE(?), ref: 06A9BAFB
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?), ref: 06A9BB08
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Similarity
• API ID: sqlite3_free.$sqlite3_result_error_nomem.sqlite3_result_error_toobig.
• String ID:
• API String ID: 1613789028-0
• Opcode ID: cfcb3badf11f913cb2b9bafdf7703a97d5a214b267a38a549bfac8022014ed8b
• Instruction ID: 7b48a63764c0f4193bac8aa222a05625b521dfa8b6d5316fa86e79daba0dedf8
• Opcode Fuzzy Hash: cfcb3badf11f913cb2b9bafdf7703a97d5a214b267a38a549bfac8022014ed8b
• Instruction Fuzzy Hash: 8E412971A043415FDBA0FB28BD407BBB7E49F81650F14052AE8958B601E731E955C3F2
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Similarity
• API ID: _calloc$__calloc_impl_memset
• String ID:
• API String ID: 2771367083-0
• Opcode ID: f92bc4ef70c76e1b93d063860dbb78f14baa8518f5137b8d9a39b77b5824db05
• Instruction ID: 648ff36c112050919545877ece58e25144c70479f7df67cd4e014649a2f0b4c0
• Opcode Fuzzy Hash: f92bc4ef70c76e1b93d063860dbb78f14baa8518f5137b8d9a39b77b5824db05
• Instruction Fuzzy Hash: 4C4190B0904B419FDBA0FF19C984616BBF0BF85314F25492EE9868B751D730F944CBA5
Uniqueness

Uniqueness Score: -1.00%

APIs
• sqlite3_step.SYSTEM.DATA.SQLITE(?,?,?,06A7C232,?), ref: 06A7BF38
  • Part of subcall function 06A4CD10: sqlite3_reset.SYSTEM.DATA.SQLITE(?), ref: 06A4CD77
• sqlite3_step.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,06A7C232,?), ref: 06A7C017
• sqlite3_finalize.SYSTEM.DATA.SQLITE(?,?,?,?,06A7C232,?), ref: 06A7C029
• sqlite3_finalize.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,06A7C232,?), ref: 06A7C036
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Similarity
• API ID: sqlite3_finalize.sqlite3_step.$sqlite3_reset.
• String ID:
• API String ID: 4035672916-0
• Opcode ID: 3a7b6a922230e5fe2604f6c7a668332a3f8f5a374b032159d368d1bbb2967ac6
• Instruction ID: 8c2be190acaf9a52c4a73d97ebbc6b8a9283d973c4a3c119b4df07a7dab5cf0f
• Opcode Fuzzy Hash: 3a7b6a922230e5fe2604f6c7a668332a3f8f5a374b032159d368d1bbb2967ac6
• Instruction Fuzzy Hash: 2731B6B5F002015FEBA0BF18DC04B6677949F40B15F150438F956DB280EA22F944CBA2
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 06A376D0: GetVersionExA.KERNEL32 ref: 06A376EF
• GetVersionExA.KERNEL32 ref: 06A37D0B
  • Part of subcall function 06A9F88D: __lock.LIBCMT ref: 06A9F8AB
  • Part of subcall function 06A9F88D: ___sbh_find_block.LIBCMT ref: 06A9F8B6
  • Part of subcall function 06A9F88D: ___sbh_free_block.LIBCMT ref: 06A9F8C5
  • Part of subcall function 06A9F88D: HeapFree.KERNEL32(00000000,?,100CFAA0,0000000C,06AA1C32,00000000,100CFB60,0000000C,06AA1C6C,?,?,?,06AA505C,00000004,100CFCB8,0000000C), ref: 06A9F8F5
  • Part of subcall function 06A9F88D: GetLastError.KERNEL32(?,06AA505C,00000004,100CFCB8,0000000C,06AA694D,?,?,00000000,00000000,00000000,?,06AA4B53,00000001,00000214), ref: 06A9F906
  • Part of subcall function 06A36DE0: _malloc.LIBCMT ref: 06A36E00
• _malloc.LIBCMT ref: 06A37D3E
• _malloc.LIBCMT ref: 06A37D8D
• sqlite3_snprintf.SYSTEM.DATA.SQLITE(?,?,100A5DCC,00000000), ref: 06A37DF8
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Similarity
• API ID: _malloc$Version$ErrorFreeHeapLast___sbh_find_block___sbh_free_block__locksqlite3_snprintf.
• String ID:
• API String ID: 3448310304-0
• Opcode ID: 826958fae95aac136e908859b46d54caa4f229760c53e9b38a469b713197ba1a
• Instruction ID: d73b94170c31db091f93c08ce2ed4586a7c54e92f1186bcad78647cf0f5fcf58
• Opcode Fuzzy Hash: 826958fae95aac136e908859b46d54caa4f229760c53e9b38a469b713197ba1a
• Instruction Fuzzy Hash: 2B31D7B2A002206FF2E4BB759E81FBF76DC9B44194F150034FD199A201FB69E90586BB
Uniqueness

Uniqueness Score: -1.00%

APIs
• _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 06AB7313
• __isleadbyte_l.LIBCMT ref: 06AB7347
• MultiByteToWideChar.KERNEL32(00000080,00000009,00001000,?,00000000,00000000,?,?,?), ref: 06AB7378
• MultiByteToWideChar.KERNEL32(00000080,00000009,00001000,00000001,00000000,00000000,?,?,?), ref: 06AB73E6
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
Similarity
• API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
• String ID:
• API String ID: 3058430110-0
• Opcode ID: 02a8b9a06408a235697c2f3f2640f7d70e4d9e967a02468ade7d1a6e8f460f9a
• Instruction ID: c582d1969e3aaf3362715632663a84deb675e9a042b974eff6c59af5bd44bee7
• Opcode Fuzzy Hash: 02a8b9a06408a235697c2f3f2640f7d70e4d9e967a02468ade7d1a6e8f460f9a
• Instruction Fuzzy Hash: 0031E131A00246EFDF61EF64C884AFEBBB9BF81210F159569E8658F192E770D940DB50
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetVersionExA.KERNEL32 ref: 06A37268
                                                                                                                                                                                                                                                                            • LockFileEx.KERNEL32(?,00000001,00000000,000001FE,00000000,?), ref: 06A372A9
                                                                                                                                                                                                                                                                            • LockFile.KERNEL32(?,?,00000000,00000001,00000000), ref: 06A37328
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 06A37334
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileLock$ErrorLastVersion
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1561719237-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,000000FF,00000001,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 06A8AE6C
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(100A5714,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 06A8AE7D
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 06A8AEB6
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 06A8AED1
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8A360: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,00000000,?,?,?,?), ref: 06A8A3B5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$sqlite3_initialize.sqlite3_reset.sqlite3_step.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4099663647-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,00000000,?,?,?,?,?,?,?,?,?,06A5E6E7,?,?), ref: 06A56C05
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,00000000,?,?,?,?,?,?,?,?,?,06A5E6E7,?), ref: 06A56C3F
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,06A55FA8,?,?,?,06A5E8DC,?,?,00000000,?,?), ref: 06A56C87
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(D13B6608,?,00000000,?,?,?,?,?,?,?,?,?,06A5E6E7,?,?,00000000), ref: 06A56CB9
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3431659745-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_mprintf.SYSTEM.DATA.SQLITE(100A948C,?,00000000,?,06A99AFA,?,?,?,?,?,?,?,?,?,?,?), ref: 06A999A0
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,000000FF,00000001,00000000), ref: 06A999CC
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.sqlite3_mprintf.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 717080204-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFileLast$PointerWrite
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2977825765-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8FA30: _memset.LIBCMT ref: 06A8FA44
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8FA30: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,06A91018,?,?,?,?,?,?,?,?), ref: 06A8FA6F
                                                                                                                                                                                                                                                                              • Part of subcall function 06A90750: sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A90813
                                                                                                                                                                                                                                                                              • Part of subcall function 06A90750: sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,?,?,?,?), ref: 06A9084D
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,06A91018,?), ref: 06A90CEA
                                                                                                                                                                                                                                                                            • sqlite3_finalize.SYSTEM.DATA.SQLITE(?), ref: 06A90CFE
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,06A91018), ref: 06A90D0F
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,06A91018), ref: 06A90D20
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$sqlite3_initialize.$_memsetsqlite3_finalize.sqlite3_reset.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3121088431-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8FA30: _memset.LIBCMT ref: 06A8FA44
                                                                                                                                                                                                                                                                              • Part of subcall function 06A8FA30: sqlite3_initialize.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,06A91018,?,?,?,?,?,?,?,?), ref: 06A8FA6F
                                                                                                                                                                                                                                                                              • Part of subcall function 06A90750: sqlite3_initialize.SYSTEM.DATA.SQLITE ref: 06A90813
                                                                                                                                                                                                                                                                              • Part of subcall function 06A90750: sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,?,?,?,?), ref: 06A9084D
                                                                                                                                                                                                                                                                            • sqlite3_reset.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,06A90F2A,?), ref: 06A90C3B
                                                                                                                                                                                                                                                                            • sqlite3_finalize.SYSTEM.DATA.SQLITE(?), ref: 06A90C4F
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,06A90F2A), ref: 06A90C60
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,06A90F2A), ref: 06A90C71
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.$sqlite3_initialize.$_memsetsqlite3_finalize.sqlite3_reset.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3121088431-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • AreFileApisANSI.KERNEL32(?,00000000,?,?,06A37733,00000000), ref: 06A36EB8
                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,00000000,?,?,06A37733,00000000), ref: 06A36ED3
                                                                                                                                                                                                                                                                            • _malloc.LIBCMT ref: 06A36EDC
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA0406: __FF_MSGBANNER.LIBCMT ref: 06AA0429
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA0406: __NMSG_WRITE.LIBCMT ref: 06AA0430
                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 06A36EFB
Memory Dump Source
• Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
• Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$ApisFile_malloc
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 433779604-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • AreFileApisANSI.KERNEL32(?,?,?,?,06A36F2B,?), ref: 06A36E48
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000,?,?,?,?,06A36F2B,?), ref: 06A36E5F
                                                                                                                                                                                                                                                                            • _malloc.LIBCMT ref: 06A36E6D
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA0406: __FF_MSGBANNER.LIBCMT ref: 06AA0429
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA0406: __NMSG_WRITE.LIBCMT ref: 06AA0430
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000), ref: 06A36E88
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$ApisFile_malloc
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 433779604-0
                                                                                                                                                                                                                                                                            • Opcode ID: fb12760e779597465743c80701feeb52d991a49523f7f5ab92d53f249baf18bd
                                                                                                                                                                                                                                                                            • Instruction ID: 348665ef1d53c283e06c9da91363f498f81674237f90b9cc9b3d3c081a8ebc74
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fb12760e779597465743c80701feeb52d991a49523f7f5ab92d53f249baf18bd
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F1F0B1737413343BF55026955CC8FA7779CEB81576F310336FA29C61C0E655A41541A1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_step.SYSTEM.DATA.SQLITE(?,00000000,06A90A20,?,?), ref: 06A8FB86
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_step.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1985239515-0
                                                                                                                                                                                                                                                                            • Opcode ID: a7de1a8c6ecedfc00d904b52adbf360bbc89eec47dff0d177f8a4d6a92276150
                                                                                                                                                                                                                                                                            • Instruction ID: 5a1a019ae2f39cc38578c0ecfcd58b997adfe2a0debb292f07cd325e1bc8de92
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a7de1a8c6ecedfc00d904b52adbf360bbc89eec47dff0d177f8a4d6a92276150
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D20149F2A005026FEBD0FF38FD08B56B298BF40244F054628E819CBA41E734F9A4C6E1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3016257755-0
                                                                                                                                                                                                                                                                            • Opcode ID: afc8384d7de5dc81d749eb2ef2e502e72940c946d5071aaa17129bf9d5fb4602
                                                                                                                                                                                                                                                                            • Instruction ID: b251e8c1569947a413572f8a39bdeb6c30e23dfe38e536874c2d9920e044127d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: afc8384d7de5dc81d749eb2ef2e502e72940c946d5071aaa17129bf9d5fb4602
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4A117E3240014ABBCF926F84DC51CEE3FBAFB0C254B499915FA2858036D736C5B1EB85
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __FF_MSGBANNER.LIBCMT ref: 06AA039A
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA5831: __set_error_mode.LIBCMT ref: 06AA5833
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA5831: __set_error_mode.LIBCMT ref: 06AA5840
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA5831: __NMSG_WRITE.LIBCMT ref: 06AA5858
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA5831: __NMSG_WRITE.LIBCMT ref: 06AA5862
                                                                                                                                                                                                                                                                            • __NMSG_WRITE.LIBCMT ref: 06AA03A1
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA5660: __set_error_mode.LIBCMT ref: 06AA5691
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA5660: __set_error_mode.LIBCMT ref: 06AA56A2
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA5660: _strcpy_s.LIBCMT ref: 06AA56D6
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA5660: __invoke_watson.LIBCMT ref: 06AA56E7
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA5660: GetModuleFileNameA.KERNEL32(00000000,100D5369,00000104), ref: 06AA5703
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA5660: _strcpy_s.LIBCMT ref: 06AA5718
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA5660: __invoke_watson.LIBCMT ref: 06AA572B
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA5660: _strlen.LIBCMT ref: 06AA5734
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA5660: _strlen.LIBCMT ref: 06AA5741
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA5660: __invoke_watson.LIBCMT ref: 06AA576E
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA5334: ___crtCorExitProcess.LIBCMT ref: 06AA533C
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA5334: ExitProcess.KERNEL32 ref: 06AA5345
                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?), ref: 06AA03CD
                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?), ref: 06AA03FD
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA033D: __lock.LIBCMT ref: 06AA035A
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA033D: ___sbh_alloc_block.LIBCMT ref: 06AA0365
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __set_error_mode$__invoke_watson$AllocateExitHeapProcess_strcpy_s_strlen$FileModuleName___crt___sbh_alloc_block__lock
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1143316348-0
                                                                                                                                                                                                                                                                            • Opcode ID: 2fce09640a9632dd4d88ede4812752d5ef5d1e2e4b692a8dc7f462da8fbc801f
                                                                                                                                                                                                                                                                            • Instruction ID: 17e49521653e3e4856e64b8b9ed2cc7b9a0f35e583dbc4560558089d804f5d56
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2fce09640a9632dd4d88ede4812752d5ef5d1e2e4b692a8dc7f462da8fbc801f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 54F0A431D5132567EB903B14DC81FAE7788EF01239F290123FC98DB0D0C761989097B8
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_create_function.SYSTEM.DATA.SQLITE(00000000,100A90F4,00000001,00000005,00000000,10064E00,00000000,00000000,00000000,06A92BBB,?,?,?,?,00000000), ref: 06A95165
                                                                                                                                                                                                                                                                            • sqlite3_create_function.SYSTEM.DATA.SQLITE(00000000,100A90F4,00000002,00000005,00000000,10064E00,00000000,00000000,?,?,?,?,?,?,00000000,06A92BBB), ref: 06A95185
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,?,?,00000000,06A92BBB,?,?,?,?,00000000), ref: 06A95191
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,00000000,?,?,?,?,?,?,00000000,06A92BBB,?,?,?,?,00000000), ref: 06A95198
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_create_function.sqlite3_free.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4129772995-0
                                                                                                                                                                                                                                                                            • Opcode ID: cb9ce949e22b086f890ba0a700b264dae885ccfabfbd679566297cdbc0bf2e0f
                                                                                                                                                                                                                                                                            • Instruction ID: 7dede8b8373b3c7af966e006c236b6cdbf89c2664082d6ebb42e58546f96ceb2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cb9ce949e22b086f890ba0a700b264dae885ccfabfbd679566297cdbc0bf2e0f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0AE01A61B8462039F5B079A12D4BFA714498741F55F261000BF29BD2C1F986595041E5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __getptd.LIBCMT ref: 06AA38CA
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA4BA1: __getptd_noexit.LIBCMT ref: 06AA4BA4
                                                                                                                                                                                                                                                                              • Part of subcall function 06AA4BA1: __amsg_exit.LIBCMT ref: 06AA4BB1
                                                                                                                                                                                                                                                                            • __getptd.LIBCMT ref: 06AA38E1
                                                                                                                                                                                                                                                                            • __amsg_exit.LIBCMT ref: 06AA38EF
                                                                                                                                                                                                                                                                            • __lock.LIBCMT ref: 06AA38FF
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3521780317-0
                                                                                                                                                                                                                                                                            • Opcode ID: a31782cb15f660484bc5ef6e1f95dfe95e87aac54add8801ea27736007a40f31
                                                                                                                                                                                                                                                                            • Instruction ID: 5b481a19caaf7878a71ec2b3e578f9e7f1987a2145b2e39e7e4dc80b9b38674e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a31782cb15f660484bc5ef6e1f95dfe95e87aac54add8801ea27736007a40f31
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 34F03A329107109BEBE0BB648E0675D73E0AF08721F16825BD960DB290CB74A945DB92
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,00000000,?,?,?,?,?,?,?,?,06A80F46,00000000), ref: 06A81F5B
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.
                                                                                                                                                                                                                                                                            • String ID: 8$@
                                                                                                                                                                                                                                                                            • API String ID: 3431659745-1376636172
                                                                                                                                                                                                                                                                            • Opcode ID: bc15783f4746544e86577555f62e736c0206f7a8df4c5613d970a6bd86680ceb
                                                                                                                                                                                                                                                                            • Instruction ID: 61b4ad4fbc3671348df8b79120e0a245a82ddb583f53c8f9f83a42c72ffc16f5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bc15783f4746544e86577555f62e736c0206f7a8df4c5613d970a6bd86680ceb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 90226930908746CFC754EF18C580A69FBF1FF89304B598AAED4998B712D330EA56CB91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A31DBA
                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 06A31DF6
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_memset
                                                                                                                                                                                                                                                                            • String ID: -
                                                                                                                                                                                                                                                                            • API String ID: 121741435-2547889144
                                                                                                                                                                                                                                                                            • Opcode ID: bf33f1cf4e03237f2b91527af349dee57237421e3c940ee94756ea2a20051470
                                                                                                                                                                                                                                                                            • Instruction ID: 9da092b00320ef20c0cd3762b749d369ee9777bac10af96356b901f9c8e2c8d7
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bf33f1cf4e03237f2b91527af349dee57237421e3c940ee94756ea2a20051470
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A1E14C72E083944BD791AF38CC903E97FE1AF86274F594699F8958B291E727C90CC391
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_initialize.SYSTEM.DATA.SQLITE(?,?,?,?), ref: 06A973F6
                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 06A97430
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _memsetsqlite3_initialize.
                                                                                                                                                                                                                                                                            • String ID: VUUU
                                                                                                                                                                                                                                                                            • API String ID: 3439443177-2040033107
                                                                                                                                                                                                                                                                            • Opcode ID: 43189e27e5d124649a52a8fbefa6de00466b30e27434250f962102f85abfd2cb
                                                                                                                                                                                                                                                                            • Instruction ID: 4d8795c63b6e1e9ab757bd56a4dda534071173344bdf4681dc4b1e612df3508e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 43189e27e5d124649a52a8fbefa6de00466b30e27434250f962102f85abfd2cb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E0F17C71A08342CFDB64DF18D984A5ABBE0FFC4304F26492DE98597250D731E964CFA2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,00000001), ref: 06A40E24
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.
                                                                                                                                                                                                                                                                            • String ID: gfff$gfff
                                                                                                                                                                                                                                                                            • API String ID: 3431659745-3084402119
                                                                                                                                                                                                                                                                            • Opcode ID: 661ef2aca5a865cce4cc31f93e0e4b1c015e7a38aace69bbfd0534e13cbbf828
                                                                                                                                                                                                                                                                            • Instruction ID: 92987cb56505bb3d72ee37649c24fcc8b48fdb1c161a987df879c7299d310581
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 661ef2aca5a865cce4cc31f93e0e4b1c015e7a38aace69bbfd0534e13cbbf828
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4751BC70A043458FC364EF2DCC84A2ABBE1BFD4200F09497DE9958B252E775E849D796
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(00000000,?,?,?,?,06A3ABFD,00000000,?,?,?,?,?,?,?,00000000), ref: 06A3AB05
                                                                                                                                                                                                                                                                              • Part of subcall function 06A385D0: sqlite3_free.SYSTEM.DATA.SQLITE(06A3F98E,00000000,06A3ABEC,?,06A3F98E,00000000,00000000,06A3BEFA,00000000,00000000,00000000,?,06A3F98E,00000000), ref: 06A38606
                                                                                                                                                                                                                                                                            • sqlite3_free.SYSTEM.DATA.SQLITE(?,?,?,?,06A3ABFD,00000000,?,?,?,?,?,?,?,00000000), ref: 06A3AB4A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000033.00000002.2345611028.0000000006A31000.00000020.00000001.01000000.0000000D.sdmp, Offset: 06A30000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2345575456.0000000006A30000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2346859297.0000000006ACF000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347188487.0000000006B03000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000033.00000002.2347226842.0000000006B08000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_51_2_6a30000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: sqlite3_free.
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3431659745-3916222277
                                                                                                                                                                                                                                                                            • Opcode ID: e6443a48c8dbf4c273a99078ace731f31c681c37b3f2c2159df58f6707398adf
                                                                                                                                                                                                                                                                            • Instruction ID: 682f6f4ec6f8997cee315d49d8aa18f3cfded0365e621f124a8fb84b07d34c60
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e6443a48c8dbf4c273a99078ace731f31c681c37b3f2c2159df58f6707398adf
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C9114CB5D003649FDB94EF09D98081ABBA5FF80210F15846AFD998F206E339E945CF91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                                                            Execution Coverage:6.3%
                                                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                                                                                                                            Total number of Nodes:120
                                                                                                                                                                                                                                                                            Total number of Limit Nodes:16

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            control_flow_graph 135 3340c60-3340c69 136 3340c6b-3340c8a 135->136 137 3340c95-3340f31 RtlQueryWnfStateDataWithExplicitScope 136->137
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RtlQueryWnfStateDataWithExplicitScope.NTDLL ref: 03340D58
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2395623083.0000000003340000.00000040.00000800.00020000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_3340000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: DataExplicitQueryScopeStateWith
                                                                                                                                                                                                                                                                            • String ID: 4']q$4']q
                                                                                                                                                                                                                                                                            • API String ID: 3279660690-3120983240
                                                                                                                                                                                                                                                                            • Opcode ID: 89a3f3135ab2d1e0ab890eb5d8a6b0a42dcce33d98f44507b380201b561ed1fd
                                                                                                                                                                                                                                                                            • Instruction ID: 2175edd80b74a670701539a92410f77d8b20f5497517c63f3fed3d68e966ee51
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 89a3f3135ab2d1e0ab890eb5d8a6b0a42dcce33d98f44507b380201b561ed1fd
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 90713170A082058FD708DF6AF59069A7BE7FFC9304F14C529C0099B269DF386D0ADB91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RtlQueryWnfStateDataWithExplicitScope.NTDLL ref: 03340D58
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2395623083.0000000003340000.00000040.00000800.00020000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_3340000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: DataExplicitQueryScopeStateWith
                                                                                                                                                                                                                                                                            • String ID: 4']q$4']q
                                                                                                                                                                                                                                                                            • API String ID: 3279660690-3120983240
                                                                                                                                                                                                                                                                            • Opcode ID: 63e9b9a332e81af3802641338a03685e1665078df0b97eead11e03c00f8597a6
                                                                                                                                                                                                                                                                            • Instruction ID: 0b6b9c783503a0f033f2c382751fc1a7d0e377fe8eaf3fbdaf244b93077003a0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 63e9b9a332e81af3802641338a03685e1665078df0b97eead11e03c00f8597a6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AB711E70A082058FD748DF6AE59069ABBE7FFC9304F14C539C0099B269DF396D0ADB91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2433182491.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_5da0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 935b02555a958ff68240ffa02782c432fb34bb9998ff5b0322fd782a2796e7c4
                                                                                                                                                                                                                                                                            • Instruction ID: 261d59a1725ba7467ee8a6002d55a96aa9a29f2801cea94fa5b211d35a1059a5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 935b02555a958ff68240ffa02782c432fb34bb9998ff5b0322fd782a2796e7c4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EAF11D35A04215CFCB15DF29C884AAAB7B6FF89300F5585DAD84A9B361DB31ED81CF81
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 5e44c437937812d0b846ab5fd0b271909d631b6a80554d08ba1f68ffec7e5ab4
                                                                                                                                                                                                                                                                            • Instruction ID: 07f521198bfdbc8065040f90ef7a196039b431b05aff97c94d93e2859b7a844b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e44c437937812d0b846ab5fd0b271909d631b6a80554d08ba1f68ffec7e5ab4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CE713970E04218CFDB54CF6AD98879AB7B6FF85305F01C0A9E1099B358DB755A84CF80
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: PH]q$`Q]q
                                                                                                                                                                                                                                                                            • API String ID: 0-2790359648
                                                                                                                                                                                                                                                                            • Opcode ID: 28d49ec0d906c087a5803a9a85277759be834c4ce3dc76f2b38e8d7de9fbb1a5
                                                                                                                                                                                                                                                                            • Instruction ID: ae4b5df0dea1c7ed00d39e7872161d64ef5a97c27c4824fa898f1f02e6d1f6b9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 28d49ec0d906c087a5803a9a85277759be834c4ce3dc76f2b38e8d7de9fbb1a5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E1519174A1422A9FEB629F68C9597AE7BB1FB44300F0041ABE50AE73C1DB354D85CF85
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

Control-flow Graph (graph image not preserved; one block in the graph is labelled GlobalMemoryStatusEx)
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2435549961.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6340000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 8cebc5597c989475f298d7f926142557411cc4d8105c490f5dd621ac6d7894d6
                                                                                                                                                                                                                                                                            • Instruction ID: 46cbeb0de85fc4422088c62bf10cbb7e674cb705194b346a84df5297a6931fe0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8cebc5597c989475f298d7f926142557411cc4d8105c490f5dd621ac6d7894d6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F410131E043598FCB14DFA9D8446AEFBF5EF89310F15896AD508A7241DB78E885CBE0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            control_flow_graph 797 3348698-33486f7 799 33486f9-334871e 797->799 800 334874b-3348797 LoadLibraryA 797->800 799->800 803 3348720-3348722 799->803 804 33487a0-33487d1 800->804 805 3348799-334879f 800->805 807 3348724-334872e 803->807 808 3348745-3348748 803->808 810 33487e1 804->810 811 33487d3-33487d7 804->811 805->804 812 3348730 807->812 813 3348732-3348741 807->813 808->800 811->810 814 33487d9-33487dc call 334019c 811->814 812->813 813->813 815 3348743 813->815 814->810 815->808
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNELBASE(?), ref: 03348787
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2395623083.0000000003340000.00000040.00000800.00020000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_3340000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            control_flow_graph 817 a5bdd22-a5bdd23 818 a5bdd1d-a5bdd21 817->818 819 a5bdd25-a5bdd2a 817->819 820 a5bdd2c-a5bdd31 819->820 821 a5bdd33-a5be6be 819->821 820->821 824 a5be6cc-a5be6f9 GetPrivateProfileSectionNamesW 821->824 825 a5be6c0-a5be6c9 821->825 826 a5be6fb-a5be701 824->826 827 a5be702-a5be716 824->827 825->824 826->827
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionNamesW.KERNEL32(?,00200000,00000000), ref: 0A5BE6EC
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2455805379.000000000A5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5B0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_a5b0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: NamesPrivateProfileSection
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 709140578-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            control_flow_graph 829 a5beaaa-a5beaff 832 a5beb01-a5beb04 829->832 833 a5beb07-a5beb0d 829->833 832->833 834 a5beb1b-a5beb4b GetPrivateProfileSectionW 833->834 835 a5beb0f-a5beb18 833->835 836 a5beb4d-a5beb53 834->836 837 a5beb54-a5beb68 834->837 835->834 836->837
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionW.KERNEL32(00000000,00000000,?,00000000), ref: 0A5BEB3E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2455805379.000000000A5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5B0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_a5b0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: PrivateProfileSection
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1752416829-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            control_flow_graph 839 a5bdd44-a5beaff 842 a5beb01-a5beb04 839->842 843 a5beb07-a5beb0d 839->843 842->843 844 a5beb1b-a5beb4b GetPrivateProfileSectionW 843->844 845 a5beb0f-a5beb18 843->845 846 a5beb4d-a5beb53 844->846 847 a5beb54-a5beb68 844->847 845->844 846->847
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionW.KERNEL32(00000000,00000000,?,00000000), ref: 0A5BEB3E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2455805379.000000000A5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5B0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_a5b0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: PrivateProfileSection
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1752416829-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            control_flow_graph 858 a5be668-a5be6be 861 a5be6cc-a5be6f9 GetPrivateProfileSectionNamesW 858->861 862 a5be6c0-a5be6c9 858->862 863 a5be6fb-a5be701 861->863 864 a5be702-a5be716 861->864 862->861 863->864
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionNamesW.KERNEL32(?,00200000,00000000), ref: 0A5BE6EC
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2455805379.000000000A5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5B0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_a5b0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: NamesPrivateProfileSection
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 709140578-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                            control_flow_graph 849 a5bdd2c-a5be6be 853 a5be6cc-a5be6f9 GetPrivateProfileSectionNamesW 849->853 854 a5be6c0-a5be6c9 849->854 855 a5be6fb-a5be701 853->855 856 a5be702-a5be716 853->856 854->853 855->856
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionNamesW.KERNEL32(?,00200000,00000000), ref: 0A5BE6EC
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2455805379.000000000A5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5B0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_a5b0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: NamesPrivateProfileSection
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 709140578-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • VirtualProtect.KERNELBASE(?,?,?,?), ref: 033489F4
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2395623083.0000000003340000.00000040.00000800.00020000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_3340000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 544645111-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,06348F02), ref: 06348FEF
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2435549961.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6340000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: GlobalMemoryStatus
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1890195054-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,06348F02), ref: 06348FEF
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2435549961.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6340000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: GlobalMemoryStatus
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1890195054-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetNativeSystemInfo.KERNELBASE ref: 033CF08F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2396293898.00000000033C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 033C0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_33c0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: InfoNativeSystem
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1721193555-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2433182491.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_5da0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: TJbq
                                                                                                                                                                                                                                                                            • API String ID: 0-1760495472
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Ddq
                                                                                                                                                                                                                                                                            • API String ID: 0-562783569
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: PH]q
                                                                                                                                                                                                                                                                            • API String ID: 0-3168235125
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2433182491.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_5da0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: TJbq
                                                                                                                                                                                                                                                                            • API String ID: 0-1760495472
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0334960B
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2395623083.0000000003340000.00000040.00000800.00020000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_3340000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: x
                                                                                                                                                                                                                                                                            • API String ID: 0-2363233923
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: "
                                                                                                                                                                                                                                                                            • API String ID: 0-123907689
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: t
                                                                                                                                                                                                                                                                            • API String ID: 0-2238339752
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: !
                                                                                                                                                                                                                                                                            • API String ID: 0-2657877971
                                                                                                                                                                                                                                                                            • Opcode ID: d634705ff491c0f11d2c404a519a0b0d017659709547cac2d42f6ce2848504d9
                                                                                                                                                                                                                                                                            • Instruction ID: c792f32634726b0dba4c03bce1b1fa57be782b933a075d8e62abae339ead5ca0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d634705ff491c0f11d2c404a519a0b0d017659709547cac2d42f6ce2848504d9
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 93A001748182069EEB404E96A01D2AD7EB8A71421AF009016E41251648CAB841558FC1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 9d4331c87d5d79e097b88c4e00a777bed66a1be2401d8de05ab00173c10bd743
                                                                                                                                                                                                                                                                            • Instruction ID: abe3e08dae343de052c142408ddb8553474ce455062be4c02bb00c8011892b0a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9d4331c87d5d79e097b88c4e00a777bed66a1be2401d8de05ab00173c10bd743
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0AA1B534B042068FF795AB2AC49476B66EBFBC4704F51C125A90ADB388DF34DE4987D1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2433182491.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_5da0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: d3faa0e07a79b93edee09cc3cae358c4fd20fb84fa1bf3c44060cfd7e9f5d76d
                                                                                                                                                                                                                                                                            • Instruction ID: 42fab1503a6ab7e630df49214c57858c7740208f890d00da517a3d9cb46223eb
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d3faa0e07a79b93edee09cc3cae358c4fd20fb84fa1bf3c44060cfd7e9f5d76d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3AA1FA79A04214CFC715CF29C988AAABBF1BF49304F5581EAD5499B365DB31ED82CF40
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: da139a6a495682062616fbcf03813bf431eefc95241b8bb4056f5d4659c850d2
                                                                                                                                                                                                                                                                            • Instruction ID: db3b8f317e0969258164b4c0811ad6dbf8f7e251c8326ca2282013d0121faf07
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: da139a6a495682062616fbcf03813bf431eefc95241b8bb4056f5d4659c850d2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 19811870E082099BFB45DF6AD5847AEBBF5FF81704F40C02AC4169B2D6DB785A098F91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: fe258bba2bc12c5c84fb9e511f43a2c54a0fdfbc81331d5f8317be5f6fcdb5cf
                                                                                                                                                                                                                                                                            • Instruction ID: 0281f14381e26697972cb4df81dbc30034ec7b123b6489d85aca442c6bc92611
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fe258bba2bc12c5c84fb9e511f43a2c54a0fdfbc81331d5f8317be5f6fcdb5cf
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 86418339B18112CFDB904B67988C63AB7EAAF94241B05853AF51AC7798DF309C0DC6D1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 26e12c0f967f263795753c83804d72c8d5e6dc2e8b8b8a76f9501d3643bfc750
                                                                                                                                                                                                                                                                            • Instruction ID: b03ff36b575d59953d872466a52743cb1615c05b935a7208f02bea9f21e01847
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 26e12c0f967f263795753c83804d72c8d5e6dc2e8b8b8a76f9501d3643bfc750
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 93510774E01269CFDB61DF19C99479AB7B6FB88304F4181A9E509AB358DB345F88CF80
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 89b659ad542e60c1af0bb555ad692414810a7b7c1f8203e610067a9201d302e7

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 81ef2c0c153bb3a4d1814021b894a27a20f945e5d0f4aed2e21b9c16c1ff17f7
                                                                                                                                                                                                                                                                            • Instruction ID: 060519d8954600d61a453b323eee7900c006d4774fa5c586a773ef925ae6e131
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 81ef2c0c153bb3a4d1814021b894a27a20f945e5d0f4aed2e21b9c16c1ff17f7
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 54417A30A01668CFDB55CF65D9487AAB7B6FF84305F41C1A9E2099B398DB354E88CF80
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 38d55e4e830889392c8464eb9db18f49fa5bccb006d894671358c07bec1d6d37
                                                                                                                                                                                                                                                                            • Instruction ID: 90fdbeaf6d211150bc90d7d980a2f5fccae6e2a07d2a73a7c013d1e94768cbfc
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 38d55e4e830889392c8464eb9db18f49fa5bccb006d894671358c07bec1d6d37
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E6317C30A04568CFE7658F66D9887AA73B6FF84305F41C0A9E1099B388DB754E88CFC0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: e896eeb6860e3abaf9b3b7f4e18a2dada9acef81d62ebd3575692125b8460ce6
                                                                                                                                                                                                                                                                            • Instruction ID: a63dfade875430f769d689089fc50299bcf5a380a34a8fc6ad6fdbebdd9cb0cc
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e896eeb6860e3abaf9b3b7f4e18a2dada9acef81d62ebd3575692125b8460ce6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E7315A30A04668CFD7649F26D9887AA73B6FF85305F41C4A9E1099B398DB745E89CFC0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: d55cf8dab997f43f0c7ff2248ec5cd66bde9dcbfeff593404ad8433a338a9f6e
                                                                                                                                                                                                                                                                            • Instruction ID: ad5e92eb450fe7042ffeba1d3f8b8774fad1a15f1ce3a6e05c9eb329468f71a7
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d55cf8dab997f43f0c7ff2248ec5cd66bde9dcbfeff593404ad8433a338a9f6e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C8318D30904668CFD755CF26D9887AAB7B6FF85305F05C0A9E2099B358DB394A89CFC0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: bb6dfc08a941329832b3f5664bfe294f619af65a47ec4a89bfc3addf42b1baeb
                                                                                                                                                                                                                                                                            • Instruction ID: f78edf40b855f01fe66c708021c31e6ebb6d12fe35b01deb8cb0d05b98e75b21
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bb6dfc08a941329832b3f5664bfe294f619af65a47ec4a89bfc3addf42b1baeb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 25316D30904658CFD765CF25D9887AAB7B6FF85305F01C0A9E2099B358DB354A89CF80
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2394987358.00000000019BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 019BD000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_19bd000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: a2a7d653ce922f5211661ae7ceb81f1eb6ffbabd06f31771b1d618063fd4d248
                                                                                                                                                                                                                                                                            • Instruction ID: 8e9943ac6d5361c4d021b581610837b4e6fc0bb36a47dad417d5f41c35897c01
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a2a7d653ce922f5211661ae7ceb81f1eb6ffbabd06f31771b1d618063fd4d248
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B6212571504244DFDB15DF58DAC4F66BFA9FB88358F24C569E90D0B246C33AD406CBA2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2394987358.00000000019BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 019BD000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_19bd000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2394987358.00000000019BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 019BD000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_19bd000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2394987358.00000000019BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 019BD000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_19bd000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2394987358.00000000019BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 019BD000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_19bd000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2394987358.00000000019BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 019BD000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_19bd000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2433182491.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_5da0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 2c11369c4b78952f32a82331a511f19c000a4abf5b05f4800dccd4c5748fca63
                                                                                                                                                                                                                                                                            • Instruction ID: ac2537f82a0b217f9c395ade981a88a53e7bc8c44a393ab034ae48ebf817eb21
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c11369c4b78952f32a82331a511f19c000a4abf5b05f4800dccd4c5748fca63
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1301D271D05258AFEB24CBA9E88A7AEBFB1AF45310F14016BE405E2380DB759984CB90
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: cf7fd295994f36c1c455407e8318f4b65f49a683394e26629acd9057fe8e9ece
                                                                                                                                                                                                                                                                            • Instruction ID: a5d33d91bc3c147d3313d9f2d9fcfa90976bb9bc7664b00b5a34924daedc0ade
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cf7fd295994f36c1c455407e8318f4b65f49a683394e26629acd9057fe8e9ece
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 81010C74D29128EFFBE0DFA4954835DBFB5AF44305F20C4B7D806D2680E73186898B41
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2433182491.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_5da0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 86262b5cf418b51bec6f329b47a01744a831b3b9bd3f4c5ec5c318acbc36be5c
                                                                                                                                                                                                                                                                            • Instruction ID: 5762d34242776e2639e41c214009dc24494d3857b5441651bef0b63cf180b733
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 86262b5cf418b51bec6f329b47a01744a831b3b9bd3f4c5ec5c318acbc36be5c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A01B171D04258AFEB24CFA9E8467AFBFB6AF44310F00016BE405E3280DB745984CB90
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 9813cab0641059ae6eacbe78fe4e75095d4c4d16c4df90368096abbc9f61e0db
                                                                                                                                                                                                                                                                            • Instruction ID: c1e3141516b0e9ff4613cdc5861af57041dec7c1e41509d35c8b348f892e610b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9813cab0641059ae6eacbe78fe4e75095d4c4d16c4df90368096abbc9f61e0db
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9301B174D04268ABFB65DBA5E9447AEBFB5EF44300F10006BE004A3384DB751984CB90
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 34a8172c8f5a7447a73058bd1288b2c694a573aba1aa8761aeb4d981e7c48905
                                                                                                                                                                                                                                                                            • Instruction ID: 46377aabed709b5eff026444ecc295eb2b2881ad8ab6c4588963ba1bc4726d56
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 34a8172c8f5a7447a73058bd1288b2c694a573aba1aa8761aeb4d981e7c48905
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 68011274D25108DFEB80DFA6E55826DBFF6EB4C300F20C4A6F405EB254D77186848B91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: c8357ccd34888ec35d8819d29ce58508d64ba4055353ce06c84949237f08df71
                                                                                                                                                                                                                                                                            • Instruction ID: 6979f700ac504430aff2f3988312f71b4cfab54db856f8891756037db16c3ea0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c8357ccd34888ec35d8819d29ce58508d64ba4055353ce06c84949237f08df71
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F801EC74E08318DFFB40DFA9955825DBEF1EB45204F10C4A6C406E6681E6758AC19B41
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 9389d3d6823fd9418904753633c7c7c3953588895a3aa6cdbe5bc1d620f22c5d
                                                                                                                                                                                                                                                                            • Instruction ID: 7f5410b753ecedd62cb642beeac6fae66a83d30e18e21e033fcde138104635fd
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9389d3d6823fd9418904753633c7c7c3953588895a3aa6cdbe5bc1d620f22c5d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 91F04F72D011189BDB24DFAAC84059EFBFAEF88350F05843AE916B7354DB706E06CAD1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2433182491.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_5da0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 3fab04e71c749346b7c88d3278e91a33d27daca2e72ccf6db869963c4f436703
                                                                                                                                                                                                                                                                            • Instruction ID: 950967180e68a27c703a34ede499ea12b30c0d362ef1a38f0a7899795bc35a0d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3fab04e71c749346b7c88d3278e91a33d27daca2e72ccf6db869963c4f436703
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 68F09637E041149BD715DF6DE809AABBBA7EF48212B09C877D409E7141EF30C8058E80
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2433182491.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_5da0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 7c9669dc63088cceb6cd7116760c31b27f6b65fd0a7ca4852c6256c997f482cb
                                                                                                                                                                                                                                                                            • Instruction ID: c51de5ab720f4a2e419ecdc445a4d7faa1bcf4e9b63272c7a408adad804ee5d8
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7c9669dc63088cceb6cd7116760c31b27f6b65fd0a7ca4852c6256c997f482cb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 07019538A103158FCB59DF68D89969DBBB6BB48211F1484EAF81AA7390DF309E41CF40
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 4d2aca836da593d374b937948fced62498d322f4600698a1bfff04702bbcc24f
                                                                                                                                                                                                                                                                            • Instruction ID: f3735bc7c31edebba1e5ee68bdbfdf4ea64a407478b67243d9de38682dafeb74
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4d2aca836da593d374b937948fced62498d322f4600698a1bfff04702bbcc24f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 24F05436E081305BA750DEAAA40575EBBA9AF88611F158477D809E3240EA34C5458F95
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2433182491.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_5da0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 29cc6da7b6cda559fa33ddf89943e7bc1f62afd9baaa86fb98ec617ce09ab90d
                                                                                                                                                                                                                                                                            • Instruction ID: 4e12e5641e10cc00f0ce0321a6d9a584cbf1995c7daf150fa2999dd2c8d6c1ea
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 29cc6da7b6cda559fa33ddf89943e7bc1f62afd9baaa86fb98ec617ce09ab90d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 38F08937E14114978714DE6DE80996FFBA7EB88212B05C477E419D7100EF30D4018E81
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437743459.0000000006550000.00000040.00000800.00020000.00000000.sdmp, Offset: 06550000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6550000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 6fa262e4e200ba6d601f416201915ef97933ad724762ac9f8c1e8902090c38f0
                                                                                                                                                                                                                                                                            • Instruction ID: 4504d69000fcbab964e365e9aa70c05afa8821340e476eb11e310857e900d912
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6fa262e4e200ba6d601f416201915ef97933ad724762ac9f8c1e8902090c38f0
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 55014F74900214CFC744CFA5C4549AABBB5BF48301F1585E6DC19AB395DB34DD81CF90
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437743459.0000000006550000.00000040.00000800.00020000.00000000.sdmp, Offset: 06550000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6550000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 71f872facf4ad23e11217cd776e96199b0f65322bc4c9efb4799482202c12f67
                                                                                                                                                                                                                                                                            • Instruction ID: f8d94440298490f3e9c5edbdceaad68e85eaa66865c03f5a78c8d41e9b0df876
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 71f872facf4ad23e11217cd776e96199b0f65322bc4c9efb4799482202c12f67
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5C016378A00218CFC754DF68C8949AABBF5FF48311F558595E819AB3A5DB30ED81CF50
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: efde41369ce211476982f1fb805c3f7a830cebcfca29b454ed0d77bbb2e20721
                                                                                                                                                                                                                                                                            • Instruction ID: 1f85820fc70abdfb16d7226fe124a12384c08cf3741420a39ae620a6f090bc76
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: efde41369ce211476982f1fb805c3f7a830cebcfca29b454ed0d77bbb2e20721
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B3F02730E0830D9BCB44ABF9A51167E7FA9BB81300F5044A5DC095B741EE319D018791
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437743459.0000000006550000.00000040.00000800.00020000.00000000.sdmp, Offset: 06550000, based on PE: false
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437743459.0000000006550000.00000040.00000800.00020000.00000000.sdmp, Offset: 06550000, based on PE: false
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2433182491.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437743459.0000000006550000.00000040.00000800.00020000.00000000.sdmp, Offset: 06550000, based on PE: false
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2433182491.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_5da0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: c8eb57eaf63249227fc69ff27fa39912082d773b85a0ee4b2bf4d4c2f9f728b6
                                                                                                                                                                                                                                                                            • Instruction ID: 758cc1edff38083ae3c13c337e6d47747e32c5a905a9f13e24828811be46d646
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c8eb57eaf63249227fc69ff27fa39912082d773b85a0ee4b2bf4d4c2f9f728b6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C0E0C278E01228CFEB60CF14D844B9AB7B2BB49301F0041E6E909A7341CBB4AD808F41
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2433182491.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_5da0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: a34cdaefafcf9d14bfb3eee3b5598e14320a83d60ec32e753994bb9b8ed1daa9
                                                                                                                                                                                                                                                                            • Instruction ID: 4608b74ae93ed9e66ea3f4551cfccb0f2af9ea65a433830bccd88b04a0adcc8c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a34cdaefafcf9d14bfb3eee3b5598e14320a83d60ec32e753994bb9b8ed1daa9
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 65D0C222C0C52187FB00AB24C4993AB7766BF09317F090CA7D84653140CB60C801CA51
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437743459.0000000006550000.00000040.00000800.00020000.00000000.sdmp, Offset: 06550000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6550000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: d5e229d462a7775dcd43bde2343f13ae827c97045bcb89140d48b5650341e22a
                                                                                                                                                                                                                                                                            • Instruction ID: 77f42f83ccf0bc8f556fb1e43291ffbf986f4ceb34d0c41b09ea01a97b036c92
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d5e229d462a7775dcd43bde2343f13ae827c97045bcb89140d48b5650341e22a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7BD02233A043186F4B04DBACAA404CEBFEEDB88130B0000AAD40DC3240EE30290083EA
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2433182491.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_5da0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 618a0dacbaedb6346320c0d8a88554e81b6795e0b20c6ec1248e2acc381475b6
                                                                                                                                                                                                                                                                            • Instruction ID: 9df81d0c3c921b4dea4764be804d89e9e4765ac6d13b71e3ced7fdb3accfbc00
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 618a0dacbaedb6346320c0d8a88554e81b6795e0b20c6ec1248e2acc381475b6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 95E0B63A904164CBDB04DFD4C94895AB7B3BB08711B050456E946A7354CBB0E8018A51
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 797bb5b9ec16bf1450082a2fcde62de174bd54e61104fabf888c8bfc7f0e9bf3
                                                                                                                                                                                                                                                                            • Instruction ID: 799ed3e9f848e6c28b5e73544a70c541a4e352450846d128b043916e71541da1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 797bb5b9ec16bf1450082a2fcde62de174bd54e61104fabf888c8bfc7f0e9bf3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 02E01234A0428A8FEF24DF78E65969D7FB1EB48301F10016AE5069B740DB384A81CF40
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437743459.0000000006550000.00000040.00000800.00020000.00000000.sdmp, Offset: 06550000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6550000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 936fe45e228ae19270e066cca2626b9d4f46d5b5d4e13608a278c9a265876de6
                                                                                                                                                                                                                                                                            • Instruction ID: 115758b6a7d836587e1021b35e3b0d1e2fe009452cbf7184d288fafd576d39cc
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 936fe45e228ae19270e066cca2626b9d4f46d5b5d4e13608a278c9a265876de6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CEE0EC74D11561CFEB90AF59C8593697761BB00324F4A47B7982AA32D1DB345DC08F51
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 03111ad8f2db45921ae10afdf1f08eda1d088bd4bc3ebc3a0f5dee1dfe20dd3c
                                                                                                                                                                                                                                                                            • Instruction ID: 81046e62456424ce861cf8a0383cdc892929dfd155befadb84d957071a0c1199
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 03111ad8f2db45921ae10afdf1f08eda1d088bd4bc3ebc3a0f5dee1dfe20dd3c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A0D05E20708118CBF3548EA5C4543A76597AB84B00F004476940A9A3C0DB348841CF51
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 0d7d635f82e66a5b671c5741850e936fdc022b08292aa5d253183646dfc8d5c0
                                                                                                                                                                                                                                                                            • Instruction ID: 39cd6a8729861b9462d0f1dab0fe855268605eeff00a9717c1860171709c9ab3
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0d7d635f82e66a5b671c5741850e936fdc022b08292aa5d253183646dfc8d5c0
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2FC0023651011CFB4B015E859805CDA7F59EB59661704C016FA14452118A7299619BD5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2433182491.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_5da0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 85705629c4d82533202921e39d370569b487b279108c10f86ab35017c4d581f8
                                                                                                                                                                                                                                                                            • Instruction ID: e6ca3e7f1818afb3a0da32059f7cbf02bf234517e004618730b174d532bdb9fc
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 85705629c4d82533202921e39d370569b487b279108c10f86ab35017c4d581f8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 38D0C939B18024CBDB159F94CD5863A3BB3BB48702B150413E8079B344CEA4C801CE01
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2433182491.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_5da0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 81817e9c0e66fc03ad456cb36581e8e9dd1abb3ee4840e1e2b2d5e41c25e5223
                                                                                                                                                                                                                                                                            • Instruction ID: 7912e5184c15bbbb2f7e87a8ca26f349dc71fe61a756fd7d91280bf985a760db
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 81817e9c0e66fc03ad456cb36581e8e9dd1abb3ee4840e1e2b2d5e41c25e5223
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B6C012310503048FC3808B28D889B40BBB8EF0962AF6A4084E0088B332D224EC008A55
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 61d55413835ef76cb6e3fa0beca99da3fcb8aae927c7b2a9a10c35c9cbe7dede
                                                                                                                                                                                                                                                                            • Instruction ID: 1970a7c0a3567494ba6c5a255d2c9c164ad4e18e41da6d956d002cd3eab5368c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 61d55413835ef76cb6e3fa0beca99da3fcb8aae927c7b2a9a10c35c9cbe7dede
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9AC04C34290604AFE340D65ADD4AF5177A9DB85B14F15C095F2088B2B1DA62EC004554
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 988a31fe4fae772b690eb11b21f4e42327e970f9b16b710d6011f7114cbc0a11
                                                                                                                                                                                                                                                                            • Instruction ID: 2aa92bf026f1196061e3c5783681efca2761768b05cf8724fd7163847fcc80a3
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 988a31fe4fae772b690eb11b21f4e42327e970f9b16b710d6011f7114cbc0a11
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 85D09E34A121298FEB15CF29CC546DAB772AB8A314F44C2A6945A562D4DB305B46CE42
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2433182491.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_5da0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: a479ed6a0b16c3a184edc08490d52dffc0a7fafada1259a46b4a20a0424e1a84
                                                                                                                                                                                                                                                                            • Instruction ID: fc25bf3045aa36d75d9b375fa5cf75e56966c3eda0773444aeb7c3791d5bbaeb
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a479ed6a0b16c3a184edc08490d52dffc0a7fafada1259a46b4a20a0424e1a84
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A5C08CB742A2C20FC3020AE06A0B2843F209F42242B0A0483B008C23F2E62588008A16
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 917ae0eb4a9830eb4fad290b572b83ec49fe0c9c7ed74cf8c1f8b32cd7124e5a
                                                                                                                                                                                                                                                                            • Instruction ID: 3e1d3205f4699308850965cdd724aca5a890a77be038c4f4948e1976a54f2d75
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 917ae0eb4a9830eb4fad290b572b83ec49fe0c9c7ed74cf8c1f8b32cd7124e5a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 61D0C974A402148FE7108F2488157A67AA1A704740F0040A6A60AE6280E6748D408A04
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437743459.0000000006550000.00000040.00000800.00020000.00000000.sdmp, Offset: 06550000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6550000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2433182491.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_5da0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437743459.0000000006550000.00000040.00000800.00020000.00000000.sdmp, Offset: 06550000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6550000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2433182491.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_5da0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2433182491.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_5da0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437743459.0000000006550000.00000040.00000800.00020000.00000000.sdmp, Offset: 06550000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6550000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437743459.0000000006550000.00000040.00000800.00020000.00000000.sdmp, Offset: 06550000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6550000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: f50823769c5379ff33893d5e1267e1abd2723d72a525cf17fdda79959d59276e
                                                                                                                                                                                                                                                                            • Instruction ID: f8685e2d4858883932c1868c747126ea1d9569a3433d49fbe429c8934eed1e61
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f50823769c5379ff33893d5e1267e1abd2723d72a525cf17fdda79959d59276e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 01B0923A00010CBB8B412E85E8098897F29EB58271B008022FA08086208B32A564AB90
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: d1cdb4f687ab12025e8389c2fb21792c812de654467923881419b2744bb53e71
                                                                                                                                                                                                                                                                            • Instruction ID: 7de4840db72a739a7296ecabbd3d178890c8b70a70b6a7fce96b4b1d731f9c0f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d1cdb4f687ab12025e8389c2fb21792c812de654467923881419b2744bb53e71
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6AB092341502088F82409B59D449C00BBE8AF08A243454090E1088B632C621F8008A40
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 3f540a83123f748d883792d6fd0a91dd75f2bee4d4c02934acd085130e2866b9
                                                                                                                                                                                                                                                                            • Instruction ID: 8a9d99a257a514e7312143d8d3fc8d2fcc76b06d801a2a0ae0dabde2b41212a8
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3f540a83123f748d883792d6fd0a91dd75f2bee4d4c02934acd085130e2866b9
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8BC08C70600118CFE340DF54C08479AB6E2BB45600F00C0D2C419A3345D630CD09CF81
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 123d24ce35d53494cbcdc05058999f12415590baa37d1dbf2c8a082249a258d3
                                                                                                                                                                                                                                                                            • Instruction ID: 658667b0a2592cd74da9222a1c58453a0422a78ace137ed8f7bd819ccbff5351
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 123d24ce35d53494cbcdc05058999f12415590baa37d1dbf2c8a082249a258d3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F5B092341506088F82009B58D448C4473E8AB08A1530100D0E1088B232C621FC408A40
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: d1cdb4f687ab12025e8389c2fb21792c812de654467923881419b2744bb53e71
                                                                                                                                                                                                                                                                            • Instruction ID: 7de4840db72a739a7296ecabbd3d178890c8b70a70b6a7fce96b4b1d731f9c0f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d1cdb4f687ab12025e8389c2fb21792c812de654467923881419b2744bb53e71
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6AB092341502088F82409B59D449C00BBE8AF08A243454090E1088B632C621F8008A40
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: c36d8595de6cee9400947c61ed06ad6347dacc94be26bd4bd7869ddcb9cc36e4
                                                                                                                                                                                                                                                                            • Instruction ID: 2449a3c453af86c3675e90617e92351427971b9e93ad94f3b19b4bb7ef2f13a2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c36d8595de6cee9400947c61ed06ad6347dacc94be26bd4bd7869ddcb9cc36e4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0DB092311602088F82409B68E444C0073A8AB08A243114090E1088B232C621F8008A40
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2433182491.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_5da0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 714198c82455273ab5f5702f1c885201fbf0095686de2ca58ccf02d4827d75eb
                                                                                                                                                                                                                                                                            • Instruction ID: 2b61376ef3dcbf2ce6637d45736e787e1892d34567b788772d6a2f97eddf0116
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 714198c82455273ab5f5702f1c885201fbf0095686de2ca58ccf02d4827d75eb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4EA011380322888F82002FAAB80F00C3F2CAA802023800023B00E80A20AF222C008E80
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000035.00000002.2433182491.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_53_2_5da0000_RightBackup.jbxd
Memory Dump Source
• Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
Memory Dump Source
• Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: aa47d8e6c14b88ce06f198081fdd43ab8481e87f1697cb32d21abe73cfa4b05f
                                                                                                                                                                                                                                                                            • Instruction ID: 0f544f4d29a2aaba5308a664c7eb7341437e4931ee07af2e2ce7dce6376aa6af
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aa47d8e6c14b88ce06f198081fdd43ab8481e87f1697cb32d21abe73cfa4b05f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BFB0927152020FDEDF018F35E62869D3F28FB00316F00A222E00205118DF78090A8FC1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 133fa38fdf6318df2615e0c6f8e4496a04ee72e82208cf8f4361b5a1b5737cdf
                                                                                                                                                                                                                                                                            • Instruction ID: 8c4af14cc0afe2b0220bbbd2431f23a623e0962688a71477d78d4ea496f1a1c1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 133fa38fdf6318df2615e0c6f8e4496a04ee72e82208cf8f4361b5a1b5737cdf
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 35B0927040020B9EDF019F65F51869D3F28FB80325F00D122E08205118EF780A098FC2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437743459.0000000006550000.00000040.00000800.00020000.00000000.sdmp, Offset: 06550000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6550000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: ae79c972fe9923586680cc28e2a2f2f7e7970e9df3d34818886172e9914aa92b
                                                                                                                                                                                                                                                                            • Instruction ID: 310077fcb2bd10ed1b842b5ac1ced28de3afdd4752d6c8117a2d929b8da3d116
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ae79c972fe9923586680cc28e2a2f2f7e7970e9df3d34818886172e9914aa92b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D590027605464C8B4A403BD9741A695BB5C95445157804152B50D416025E6564604995
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 050c0ec33b09c2ea942c05f0d7bd3e1cda99ee4e67dc78befeeac96d4162491b
                                                                                                                                                                                                                                                                            • Instruction ID: 3a314b00df4b0ad4986a00535c4c929770486f40479db14a4f4f40bc0ab543c3
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 050c0ec33b09c2ea942c05f0d7bd3e1cda99ee4e67dc78befeeac96d4162491b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8DB0123850C0288FF3504EE8E409B967A31D700600F004173640373380C5348C568FC0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 1dfb0626e7df98cc10b8b87fbd0b3565934de01c2860cc9a399c3aa95561bcf3
                                                                                                                                                                                                                                                                            • Instruction ID: aa0802dcc5ed1d5ec791b6d3d1ba16f945b35c78385d81c92a58dd84d8f8f090
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1dfb0626e7df98cc10b8b87fbd0b3565934de01c2860cc9a399c3aa95561bcf3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F990223800020C8B00002B88300A0803B0CC080232B820002B00C022000E00200008A0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2437242795.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6400000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: e72c927f872623ad1f76dc1ca6da283606020c48784b33b285c9fdbe28701829
                                                                                                                                                                                                                                                                            • Instruction ID: 7bdda3c464f33301fcbaca13005d7c35250344590539af5b31b23f088effd10e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e72c927f872623ad1f76dc1ca6da283606020c48784b33b285c9fdbe28701829
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3A90023545560CCB45802B9D740E5957B9C95485367840456FA0D85A015E55A4544995
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 7cde242679c65605b1fd433ddc468bf3e10c5c93bf6bea54b443a55ddfb7340c
                                                                                                                                                                                                                                                                            • Instruction ID: ffc91f011bf7bc0bc3f7345ccf5c4620c7dffd0a900508fecec466f61765f137
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7cde242679c65605b1fd433ddc468bf3e10c5c93bf6bea54b443a55ddfb7340c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1F90022064819359EB5819A940157691849D720200F019C3A301386D84C969C6401185
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2436012526.0000000006360000.00000040.00000800.00020000.00000000.sdmp, Offset: 06360000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_6360000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 0ed7526a6780d0902901213c0f5784649c5ad6ca092f43881fbed36da9f8320c
                                                                                                                                                                                                                                                                            • Instruction ID: 0e83f0e39247683dcef2762d8aacb79c14b84ead463fe9d8c09c4e6dcc85944b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0ed7526a6780d0902901213c0f5784649c5ad6ca092f43881fbed36da9f8320c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 18B09274810202CFDB408F19920D2583EA0A308201F00801BF10281301CB3401058F81
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000035.00000002.2455805379.000000000A5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A5B0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_53_2_a5b0000_RightBackup.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 18e55f853892e8c25cfd26c106e4f71f74b9f5714edf93d9e4502d48ac0dbaba
                                                                                                                                                                                                                                                                            • Instruction ID: fd181e0f86d46992aa45099a29a67911b234cfcb819dc9f933f62c912ed58357
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 18e55f853892e8c25cfd26c106e4f71f74b9f5714edf93d9e4502d48ac0dbaba
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1DB1402625D2C1ABCF8B4F74A4F55E3BFF0AE6762436C95CAC8C84E417C2139096DB24
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                                                            Execution Coverage:6.3%
                                                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:90.5%
                                                                                                                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                                                                                                                            Total number of Nodes:74
                                                                                                                                                                                                                                                                            Total number of Limit Nodes:4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000036.00000002.3382418377.00000000062A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062A0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_54_2_62a0000_RBClientService.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: (_]q$(_]q$,aq$4c]q$4c]q$Haq$Nv\q$$]q$$]q$$]q$c]q$c]q
                                                                                                                                                                                                                                                                            • API String ID: 0-67377238
                                                                                                                                                                                                                                                                            • Opcode ID: 557fc962fede8582effe52dcddc48b70875c4a2b8d2cd70c8f80be8610d0eb35
                                                                                                                                                                                                                                                                            • Instruction ID: 643600541ce7f403a15d1fe02027110db1a2c11a7881a6c9be60db8a49d6d82b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 557fc962fede8582effe52dcddc48b70875c4a2b8d2cd70c8f80be8610d0eb35
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D82BA30B502258FCBADAB7E495062D66E7BFCCB04B20496DD44ADB394EDB4CC41CBA5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000036.00000002.3382418377.00000000062A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062A0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_54_2_62a0000_RBClientService.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: e
                                                                                                                                                                                                                                                                            • API String ID: 0-4024072794
                                                                                                                                                                                                                                                                            • Opcode ID: a17bd7fd8f7c69967d2339b6fe7f6bf81fcf1102348dbbeecc11d21c9a2d32bd
                                                                                                                                                                                                                                                                            • Instruction ID: 898ce1003202424731493fb7c8e4f74ff88083bd1861113f5a2ac76b91533a52
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a17bd7fd8f7c69967d2339b6fe7f6bf81fcf1102348dbbeecc11d21c9a2d32bd
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BA4137302183828FD7659F35D85875E3BF7DFC2351F09486AC442CB2A1CEB8985AC762
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000036.00000002.3382418377.00000000062A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062A0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_54_2_62a0000_RBClientService.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: fbq
                                                                                                                                                                                                                                                                            • API String ID: 0-3185938239
                                                                                                                                                                                                                                                                            • Opcode ID: e761404a77e3de8303faee2434866d8a7e679bcf8eecb50a78fc8844aff5688e
                                                                                                                                                                                                                                                                            • Instruction ID: f1e09d36393cb2332319effa4390642348396843641fd4aeb374859b290fe03c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e761404a77e3de8303faee2434866d8a7e679bcf8eecb50a78fc8844aff5688e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4041B230621300CFD759EB74E844B7E7BA7FB84304F085929D8069B794DFB99A49CB92
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000036.00000002.3382418377.00000000062A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062A0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_54_2_62a0000_RBClientService.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000036.00000002.3382418377.00000000062A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_54_2_62a0000_RBClientService.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000036.00000002.3382418377.00000000062A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_54_2_62a0000_RBClientService.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000036.00000002.3382418377.00000000062A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_54_2_62a0000_RBClientService.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000036.00000002.3351349679.0000000003970000.00000040.00000800.00020000.00000000.sdmp, Offset: 03970000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_54_2_3970000_RBClientService.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000036.00000002.3351349679.0000000003970000.00000040.00000800.00020000.00000000.sdmp, Offset: 03970000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_54_2_3970000_RBClientService.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000036.00000002.3382418377.00000000062A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_54_2_62a0000_RBClientService.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000036.00000002.3351349679.0000000003970000.00000040.00000800.00020000.00000000.sdmp, Offset: 03970000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_54_2_3970000_RBClientService.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000036.00000002.3351349679.0000000003970000.00000040.00000800.00020000.00000000.sdmp, Offset: 03970000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_54_2_3970000_RBClientService.jbxd